Well, I started my first doctoral-level class at DSU last week; the course I am taking is in Wireless Security. So, guess what today’s blog is all about? The threats to it!!! So let’s get started.
Many of us use our smartphone for both our personal and professional lives. If we lose it, a total feeling of paralysis comes over us.
Even though Wireless Communications seems simple to use, the technology that drives it is actually complex. One protocol involved that you may not have heard of is “Signaling System 7”, also known as “SS7” for short.
A technical definition of it is as follows:
“It is the system that controls how telephone calls are routed and billed, and it enables advanced calling features and Short Message Service (SMS). It may also be called Signaling System No. 7, Signaling System No. 7 or -- in the United States -- Common Channel Signaling System 7, or CCSS7.”
(SOURCE: https://www.techtarget.com/searchnetworking/definition/Signaling-System-7)
Despite its level of importance in Wireless Communications, it still uses the old-fashioned “Trust Based Architecture”, in which all users are presumed to be authentic and legitimate. This means that no mechanisms are implemented in it to actually confirm the identity of a user before they are given access to the available resources. Thus, it has become a prime target for the Cyberattacker.
Here is a sampling of the attacks that the SS7 is vulnerable to:
1) Phishing:
As I have mentioned before, this is probably the oldest threat variant in the books. But it is still being used today, and has become deadlier than ever. In this instance, the Cyberattacker can easily intercept the lines of communication, and from there, insert a Phishing message. This very often comes in the form of a text message, and this kind of hack is known as “Smishing”. But unlike with Phishing emails, it is hard to determine whether a text message is real or not, because there are no telltale clues other than spelling or grammatical mistakes.
2) Credentials:
If you make use of Two Factor Authentication (2FA) on your smartphone, there is a chance that whatever information or data you provide to confirm your identity can also be stolen. This is because the SS7, while it does not support 2FA (as far as I know), leaves that backdoor open so that the Cyberattacker can steal it. This in turn can be used to spoof your identity. This kind of vulnerability also increases the attack surface amongst the major telecom carriers (such as Sprint, T-Mobile, Verizon, AT&T, etc.).
3) Denial Of Service:
The acronym for this is “DoS”. This is where the Cyberattacker overloads a server with malformed data packets in order to greatly slow down its processing power. If multiple servers are targeted, and multiple devices are used to launch the malicious data packets, then this becomes known as a “Distributed Denial Of Service” attack, also known as a “DDoS”. The primary targets for these kinds of attacks are typically servers that host web applications. But over time, as technology has evolved, this risk has been mitigated to a greater degree, especially with the deployment of the “Next Generation Firewall”. But this is not so with Wireless Communications. Because of its aging security mechanisms, the SS7 makes it easier than ever before for the Cyberattacker to launch massive DoS or DDoS attacks onto the Wireless Grid, and from there, render hundreds and even thousands of devices unable to communicate with one another.
4) Expense:
Because attacks on the SS7 very often don’t get noticed immediately, all businesses, no matter how large or small they might be, end up having to pay higher costs because of the damage that has been incurred as a result of any security breach. This doesn’t get realized until the bill is received, and the expenses are much higher than expected. Worse yet, if the Cyberattacker covertly adds on more services to the smartphone plan, this will drive up costs even more.
My Thoughts On This:
So you might be asking now how you can mitigate the risks of the security vulnerabilities that are posed by the SS7. Here are some tips:
1) Watch the bills:
Don’t just wait for the electronic or paper statement to be delivered. Instead, ask your Wireless Provider to provide you with charges as they happen, on a real time basis. That way, if anything looks unusual, you will be able to nip it in the bud. Also, you should be able to set certain threshold levels, so that if a certain expense limit is reached, it will automatically turn that service off until you investigate further. On a side note, this kind of feature is also available if you use cloud-based services, such as Microsoft Azure. You can establish certain billing thresholds, and if any go over the limit, your Virtual Machine (VM) will pause until you reactivate it.
2) Watch the Bot:
Just like Generative AI, Bots can be both useful and a menace. In the case of the latter, the Cyberattacker typically uses them in order to further ramp up the scale of their hacks. Ask your Wireless Provider about any tools that you can use to keep the Bots at bay. While the defenses may not be stellar, you will at least keep your bill at an expected level.
3) Use Geofencing:
To me this was a new term, so I looked it up. Here is a definition of it:
“A geofence is a virtual fence or perimeter around a physical location. Like a real fence, a geofence creates a separation between that location and the area around it. Unlike a real fence, it can also detect movement inside the virtual boundary. It can be any size or shape, even a straight line between two points.”
(SOURCE: https://www.verizonconnect.com/glossary/what-is-a-geofence/)
In other words, you can create “virtual fences” around the physical areas in which your employees use their smartphones. The key advantage to this is that you will be able to quickly notice (via alerts) any devices that leave or enter this perimeter. Of course, you will want to create a filter so that an alert is also triggered if an unknown device penetrates the “virtual fence”.
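To make the geofencing tip concrete, here is an added Python example (not code from this blog or from any wireless provider) of a circular fence that raises an alert when a device enters or leaves the perimeter, and a separate alert when a device that is not on the enrolled list shows up inside it. The device names, coordinates, 200 m radius, alert labels and the (device, latitude, longitude) report format are all assumptions constructed for the illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

class Geofence:
    """Circular fence that reports perimeter crossings and unknown devices."""

    def __init__(self, lat, lon, radius_m, known_devices):
        self.lat, self.lon, self.radius_m = lat, lon, radius_m
        self.known = set(known_devices)   # allow-list of enrolled devices
        self.inside = {}                  # device_id -> inside at last report?

    def update(self, device_id, lat, lon):
        """Process one location report and return the alerts it triggers."""
        now_inside = haversine_m(self.lat, self.lon, lat, lon) <= self.radius_m
        was_inside = self.inside.get(device_id, False)
        self.inside[device_id] = now_inside
        if now_inside and not was_inside:
            kind = "ENTER" if device_id in self.known else "UNKNOWN_DEVICE_INSIDE"
            return [(device_id, kind)]
        if was_inside and not now_inside:
            return [(device_id, "EXIT")]
        return []                         # no crossing, no alert

def run(reports, fence):
    """Feed a sequence of (device_id, lat, lon) reports through the fence."""
    alerts = []
    for device_id, lat, lon in reports:
        alerts.extend(fence.update(device_id, lat, lon))
    return alerts

# Constructed sample data: five location reports around a fence centred at (40.0, -75.0).
SAMPLE_REPORTS = [
    ("phone-alice", 40.0010, -75.0000),  # ~111 m from centre: enters
    ("phone-alice", 40.0030, -75.0000),  # ~334 m from centre: leaves
    ("phone-bob",   40.0050, -75.0000),  # never inside: no alert
    ("unknown-7f",  40.0005, -75.0005),  # not enrolled, inside the fence
    ("unknown-7f",  40.0006, -75.0005),  # still inside: no repeat alert
]

if __name__ == "__main__":
    office = Geofence(40.0, -75.0, 200, known_devices={"phone-alice", "phone-bob"})
    for alert in run(SAMPLE_REPORTS, office):
        print(alert)
```

Alerts fire only on a change of state, so a device that stays inside the fence does not flood the alert queue with repeats.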