Sunday, September 1, 2024

4 Grave Threats To The SS7 Wireless Protocol

 


Well, I started my first doctoral level class at DSU last week, the course I am taking is in Wireless Security.  So, guess what today’s blog is all about?  The threats to it!!!  So let’s get started.  Many of us use our smartphone for both our personal and professional lives.  If we lose it, a total feeling of paralysis comes over us. 

Even though Wireless Communications seems simple to use, the technology that drives it is actually complex.  One such protocol that you may not have heard of is known as the “Signaling System 7”, also known as the “SS7” for short. 

A technical definition of it is as follows:

“It is the system that controls how telephone calls are routed and billed, and it enables advanced calling features and Short Message Service (SMS). It may also be called Signaling System No. 7, Signaling System No. 7 or -- in the United States -- Common Channel Signaling System 7, or CCSS7.”

(SOURCE:  https://www.techtarget.com/searchnetworking/definition/Signaling-System-7)

Despite its level of importance in Wireless Communications, it still uses the old fashioned “Trust Based Architecture”, in which all users are presumed to be authentic and legitimate.  Meaning, there are no mechanisms that are implemented into it to actually confirm the identity of the user before they are given access to use the available resources.  Thus, it has become a prime target for the Cyberattacker. 

Here is a sampling of the attacks that the SS7 is vulnerable to:

1)     Phishing:

As I have mentioned before, this is probably the oldest threat variant in the books.  But it is still being used today, and has become even deadlier than ever.  In this instance, the Cyberattacker can easily intercept the lines of communications, and from there, insert a Phishing message.  This very often comes in the form of a text message, and this kind of hack is known as “Smishing”.  But unlike Phishing emails, it is hard to determine if a text message  is real or not, because there are no other telltale clues except for any spelling or grammatical mistakes.

2)     Credentials:

 

If you make use of Two Factor Authentication (2FA) on your smartphone, there is a chance that whatever information or data you provide to confirm your identity can also be stolen.  This is because the SS7, while it does not support 2FA (as far as I know), leaves that backdoor open so that the Cyberattacker can steal it.  This in turn can be used to spoof your identity.  This kind of vulnerability also increases the attack surface amongst the major telecom carriers (such as Sprint, T-Mobile, Verizon, AT&T, etc.).

 

3)     Denial Of Service:

The acronym for this is “DoS”.  This is where the Cyberattacker overloads a server with malformed data packets in order to greatly slow down its processing power.  If multiple servers are targeted, and multiple devices are used to launch the malicious data packets, then this becomes known as a “Distributed Denial Of Service” attack, also known as a “DDoS”.  The primary target for these kinds of attacks are typically those that host web applications.  But over time, as technology has evolved, this risk has become more mitigated, especially with the deployment of the “Next Generation Firewall”.  But this is not so with Wireless Communications.  Because of its aging security mechanisms, the SS7 makes now easier than ever before for the Cyberattacker to launch massive DoS or DDoS attacks onto the Wireless Grid, and from there, render hundreds and even thousands of devices unable to communicate with another.

4)     Expense:

Because attacks to the SS7 very often don’t get noticed immediately, all businesses, no matter how large or small they might be, end up having to pay higher costs because of the damage that has been incurred as a result of any security breach.  This doesn’t get realized until the bill is received, and the expenses are much higher than expected.  Worst yet, if the Cyberattacker adds covertly adds on more services to the smartphone plan, this will drive up costs even more. 

My Thoughts On This:

So you might be asking now how you can mitigate the risks of the security vulnerabilities that are posed by the SS7?  Here are some tips:

1)     Watch the bills:

Just don’t wait for the electronic or paper statement to be delivered.  Instead, as your Wireless Provider to provide you with charges as they happen, on a real time basis.  That way, if anything looks unusual, you will be able to nip it in the bud.  Also, you should be able to set certain threshold levels, so that if a certain expense limit is reached, it will automatically turn that service off until you investigate further.  On a side note, this kind of feature is also available if you use cloud-based services, such as Microsoft Azure.  You can establish certain billing thresholds, and if any go over the limit, your Virtual Machine (VM) will pause until you reactivate again.

2)     Watch the Bot:

Just like Generative AI, Bots can be both useful and a menace.  In the case of the latter, the Cyberattacker typically uses them in order to further ramp up the scale of their hacks.  Ask your Wireless Provider about any tools that you can use to keep the Bots at bay.  While the defenses may not be stellar, you will at least keep your bill to an expected level.

3)     Use Geofencing:

To me this was a new term, so I looked it up.  Here is a definition of it:

               “A geofence is a virtual fence or perimeter around a physical location. Like a real fence, a                geofence creates a separation between that location and the area around it. Unlike a real fence,          it can also detect movement inside the virtual boundary. It can be any size or shape, even a              straight line between two points.”

               (SOURCE:  https://www.verizonconnect.com/glossary/what-is-a-geofence/)

               In other words, you can create “virtual fences” across the physical areas in which your       employees use their smartphones.  The key advantage to this is that you will be able to quickly            notice (via alerts) any devices that leave or enter this perimeter.    Of course, you will want to create a filter so that an alert can also be triggered if an unknown device penetrates through the “virtual fence”.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...