Back in December last year, there was a flurry of news about SS7 security flaw that allowed hackers to snoop on an unsuspecting users calls and SMS. The blog readers will also be aware that SS7 is being replaced by the Diameter protocol. The main reason being to simplify roaming while at the same time being able to manage the signalling storm in the networks.
The bad news is that while is case of SS7, security issues are due to network implementation and configuration (above pic), the security issues in Diameter seem to be due to the protocol and architecture themselves (below pic)
Diameter is very important for LTE network architecture and will possibly continue in the future networks too. It is very important to identify all such issues and iron them before some hackers start exploiting the network vulnerabilities causing issues for everyone.
The presentation by Cédric Bonnet, Roaming Technical Domain Manager, Orange at Signalling Focus Day of LTE World Summit 2015 is embedded below:
The bad news is that while is case of SS7, security issues are due to network implementation and configuration (above pic), the security issues in Diameter seem to be due to the protocol and architecture themselves (below pic)
Diameter is very important for LTE network architecture and will possibly continue in the future networks too. It is very important to identify all such issues and iron them before some hackers start exploiting the network vulnerabilities causing issues for everyone.
The presentation by Cédric Bonnet, Roaming Technical Domain Manager, Orange at Signalling Focus Day of LTE World Summit 2015 is embedded below:
From SS7 to Diameter Security from Zahid Ghadialy
Some important information from this post has been removed due to a valid complaint.
Some important information from this post has been removed due to a valid complaint.
Hi. This is an interesting critique of SS7 Vs Diameter.
ReplyDeleteHowever just considering SS7 on its own.
SS7 is considered like a VPN that is link to link and closed. How does once attack a SS7 link to intercept and manipulate and inject messages? This could only be done by the carriers themselves. Most unlikely and I have never seen it. ie, how is an attacker gaining access to an STP when the switch needs to be identified and allowed in the STP agreement?
Diameter whilst more IP than SS7 unless using a sigtran or similar, is again a Telco to Telco connection to carriers. Similar standards exist.
The PPT reds more scare campaign and the issues identified stated as fact when its a hypothesis and less likely in reality.
I am not as convinced as you write based on my many years working on IR and SS7 and signaling to date.
Interesting read: SS7 is not a security issue
ReplyDelete