SS7 Vulnerability Mitigation
A number of significant vulnerabilities exists in the Signalling System 7 (SS7) core infrastructure of cellular network carriers. If carriers don't take appropriate actions to mitigate these vulnerabilities, users of the carriers' cellular networks (individuals, businesses, governments) are exposed on their mobile devices (and any other devices connected to cellular networks) to SS7-based hacking attacks.
A variety of SS7 vulnerabilities exist for street-level mobile phone localisation, data theft, remote call interception and more. Some basic examples include:
Real-time call interception: the call is routed
to the attacker's system, the attacker bridges the
call to the originally called party and records
Billing fraud: one method of billing fraud is by the
attacker using USSD codes to execute remote
commands on behalf of the subscriber, transfer
prepaid credits via USSD to the attacker, and
forward call setting/deletion without the
Cell-level tracking: it is possible in cities to track
subscribers down to street level; the HLR block/filter
can be bypassed by querying the Visitors Location
Register instead and still obtain the global cell ID
for the subscriber.
The Solution - Detect, Protect and Penetration Test
For cellular carriers in NZ, Fiji and Solomon Islands and elsewhere across Polynesia and Melanesia, ARC Solutions can help you mitigate your nationwide cellular network risks from SS7 vulnerabilities through our partnership with ESD America/GSMK Cryptophone.
ESD Oversight Detect - provides the cellular network carrier an ongoing analysis of protocol data and alarm/logging of events. This is performed without network interference via a passive network tap connection.
ESD Oversight Protect - provides an active cellular firewall for the carrier's cellular network.
ESD Oversight Penetration Testing SS7 Vulnerabilities - provides a cellular carrier the means to find out to what extent network elements (HLR, VLR/MSC, SGSN) under the carrier's management are vulnerable to known SS7 attacks.
The benefits for carriers using our partners' solutions include reduced costs in billing fraud, safer networks through reduced unrecognised SS7 traffic requests and less foreign surveillance activity on the networks.
Contact ARC Solutions anytime to arrange a private, confidential, encrypted and secure conversation about your carrier's or country's requirements.