Positive Technologies research: 100% of real SMS interception attacks reach their target


Today, cybercriminals are not only aware of the security issues of signaling networks, but also actively exploit these vulnerabilities. According to the results of monitoring by Positive Technologies, attackers monitor subscribers, intercept calls, bypass billing systems, and block users. A single large operator with a subscriber base of several tens of millions of people is exposed to more than 4 thousand cyber attacks every day.

Security monitoring projects in SS7 networks were carried out for large telecom operators in Europe and the Middle East. Attacks aimed at fraud, disruption of subscriber availability, and interception of subscriber traffic (including calls and SMS messages) accounted for less than two percent. However, such threats are the most dangerous for users.

According to the research results, 100% of attacks aimed at intercepting SMS messages are successful for cybercriminals. At the same time, theft of one-time codes transmitted in this way can lead to the compromise of RBS systems, mobile banks, online stores, portals of government services and many other services. In 2021, an example of such an attack was the interception of SMS messages from subscribers of a German mobile operator, as a result of which money was stolen from users' bank accounts.

Another type of attack - denial of service - poses a threat to the electronic devices of the Internet of Things. Today, not only individual user devices are connected to mobile networks, but also elements of the infrastructure of smart cities, modern industrial enterprises, transport, energy and other companies.

Serious concerns are also associated with fraud against the operator or subscribers. A significant share of such attacks (81%) involved the unauthorized sending of USSD requests. Such requests make it possible to transfer money from the subscriber's account, subscribe the subscriber to an expensive service, or send a phishing message on behalf of a trusted service.

The security of mobile networks is still at a low level, which is confirmed by the results of the analysis of the security of SS7 networks presented in the first part of the report. The sample included data from the 24 most informative projects in the networks of operators in Europe (including Russia) and the Middle East in 2016-2017, half of which have a subscriber base of more than 40 million people.

In almost every network, it is possible to listen in on a subscriber's conversation or read incoming SMS messages, and fraudulent operations can be successfully carried out in 78% of networks. All networks contain dangerous vulnerabilities that can disrupt the availability of services for subscribers.

“Operators are aware of the existing risks and draw conclusions: in 2021, the SMS Home Routing system was functioning in all studied networks, and a filtering and blocking system for signaling traffic was installed in every third network,” says Dmitry Kurbatov, head of the security department of telecommunications systems at Positive Technologies. “But this is not enough. To date, all networks have been exposed to vulnerabilities associated with both special cases of incorrect hardware configuration and architectural problems of SS7 signaling networks, which cannot be eliminated with the available means.”

The report notes that only a comprehensive approach to solving security problems, including regular security analysis, keeping network settings up to date, constant monitoring of signaling traffic and timely detection of illegal activity, can provide a high level of protection from criminals.

Earlier, "Hacker" wrote about SMS security holes and bypassing two-factor authorization.
 