SS7 Security

Deployed for the past 35 years, SS7 provides signaling that enables mobile and fixed network operators to setup/teardown calls, to route text (SMS) messages, support inter-network connectivity and transparent roaming, and to provide per-session information such as caller ID. Today SS7 is a critical part of the global telecommunications infrastructure. Because SS7 networks were originally designed to work within an operator’s trusted domain or to interwork between trusted operators, security was not a top design consideration nor were potential SS7 vulnerabilities adequately addressed.

Cellusys, the signaling network security experts, state that a hacker’s access to SS7 technical product information, SS7 protocol message generation, and to the SS7 network itself is easy and inexpensive.

SS7 vulnerabilities can be grouped into the following categories:

  • Obtaining subscriber information – illegally gain access to a subscriber’s unique identifier and location, which is then used to facilitate other security attacks
  • Eavesdropping on subscriber traffic – illegal listening or recording of calls or text messages without subscriber consent
  • Financial theft – false representation to illegally receive or send SMS messages enabling theft of user account access information (username and password) which enables financial theft
  • Disruption of subscriber service – malicious interruption of subscriber service or the enablement of fraudulent calls

SS7 attacks happen but there is a way to minimize a potential breach. Sonus has partnered with Cellusys to provide a multi-layer security solution that leverages existing STP gateway screening capabilities and incrementally adds Signaling Firewall capabilities needed for context-sensitive assessment on SS7 messages.

In this multi-layer solution, the STP provides gateway screening that specifies which SS7 messages are allowed or disallowed to enter an operators network. For messages that may be questionable, the STP can forward SS7 messages to the Signaling Firewall for further assessment and analysis. The Signaling Firewall will provide context and stateful message assessment and where necessary return error messages to prevent information from being exposed.

Figure 1: SS7 Security

Contact A Sonus Rep

Contact a Sonus Rep

All Fields are Required.
Also, please list any Products/ Solutions in which you are interested