invisible threat in ss7 networks – attacks based on caller ... · invisible threat in ss7...
TRANSCRIPT
![Page 1: Invisible threat in SS7 networks – attacks based on caller ... · Invisible threat in SS7 networks – attacks based on caller ID spoofing ptsecurity.com. About Positive Technologies](https://reader031.vdocuments.net/reader031/viewer/2022021801/5b50352b7f8b9a166e8e043f/html5/thumbnails/1.jpg)
Sergey Puzankov
Invisible threat in SS7 networks –attacks based on caller ID spoofing
ptsecurity.com
![Page 2: Invisible threat in SS7 networks – attacks based on caller ... · Invisible threat in SS7 networks – attacks based on caller ID spoofing ptsecurity.com. About Positive Technologies](https://reader031.vdocuments.net/reader031/viewer/2022021801/5b50352b7f8b9a166e8e043f/html5/thumbnails/2.jpg)
About Positive Technologies
É 700 people in nine offices across North America, Asia, Africa and Europe and expanding
É Portfolio securing large organizations and infrastructure providers from targeted attacks through vulnerability detection and management
É 21% group yearly revenue increase
É 60 – 70% reinvested back into research, feeding directly through to products
É Partners include Check Point, Cisco, Microsoft, Google, Oracle, Siemens and IBM
É 1,000 customers
![Page 3: Invisible threat in SS7 networks – attacks based on caller ... · Invisible threat in SS7 networks – attacks based on caller ID spoofing ptsecurity.com. About Positive Technologies](https://reader031.vdocuments.net/reader031/viewer/2022021801/5b50352b7f8b9a166e8e043f/html5/thumbnails/3.jpg)
SIGTRAN is a Time Machine
SIGTRAN
Through SIGTRAN back to 1970’s
![Page 4: Invisible threat in SS7 networks – attacks based on caller ... · Invisible threat in SS7 networks – attacks based on caller ID spoofing ptsecurity.com. About Positive Technologies](https://reader031.vdocuments.net/reader031/viewer/2022021801/5b50352b7f8b9a166e8e043f/html5/thumbnails/4.jpg)
Micro Computer as an SS7 Node
![Page 5: Invisible threat in SS7 networks – attacks based on caller ... · Invisible threat in SS7 networks – attacks based on caller ID spoofing ptsecurity.com. About Positive Technologies](https://reader031.vdocuments.net/reader031/viewer/2022021801/5b50352b7f8b9a166e8e043f/html5/thumbnails/5.jpg)
SIGTRAN – TDM
SIG
TRAN
TDM
SIGTRAN
![Page 6: Invisible threat in SS7 networks – attacks based on caller ... · Invisible threat in SS7 networks – attacks based on caller ID spoofing ptsecurity.com. About Positive Technologies](https://reader031.vdocuments.net/reader031/viewer/2022021801/5b50352b7f8b9a166e8e043f/html5/thumbnails/6.jpg)
Telecom Security in International Non-commercial Organizations
Fraud and Security Group
IR.82 SS7 Security Network Implementation GuidelinesFS.07 SS7 and SIGTRAN Network SecurityFS.11 SS7 Interconnect Security Monitoring and Firewall GuidelinesFS.19 Diameter Interconnect SecurityFS.20 GPRS Tunnelling Protocol (GTP) SecurityFS.21 Interconnect Signalling Security Recommendations
![Page 7: Invisible threat in SS7 networks – attacks based on caller ... · Invisible threat in SS7 networks – attacks based on caller ID spoofing ptsecurity.com. About Positive Technologies](https://reader031.vdocuments.net/reader031/viewer/2022021801/5b50352b7f8b9a166e8e043f/html5/thumbnails/7.jpg)
Classification: Answer Necessity
• Identity request (e.g. IMSI)• Location request• Network information request
Answer is required
![Page 8: Invisible threat in SS7 networks – attacks based on caller ... · Invisible threat in SS7 networks – attacks based on caller ID spoofing ptsecurity.com. About Positive Technologies](https://reader031.vdocuments.net/reader031/viewer/2022021801/5b50352b7f8b9a166e8e043f/html5/thumbnails/8.jpg)
Classification: Answer Necessity
Answer is not required
• Service disruption (DoS)• Data injection• Service manipulation
Caller ID spoofingis possible
![Page 9: Invisible threat in SS7 networks – attacks based on caller ... · Invisible threat in SS7 networks – attacks based on caller ID spoofing ptsecurity.com. About Positive Technologies](https://reader031.vdocuments.net/reader031/viewer/2022021801/5b50352b7f8b9a166e8e043f/html5/thumbnails/9.jpg)
Caller ID Spoofing at Position Refinement Attack
LocationRequest1
CID:1111SilentUSSDFromABC
LocationRequest2
CID:2222
1
2
3
5
Paging
MSC/VLR
CID2222
CID1111
4ABC
![Page 10: Invisible threat in SS7 networks – attacks based on caller ... · Invisible threat in SS7 networks – attacks based on caller ID spoofing ptsecurity.com. About Positive Technologies](https://reader031.vdocuments.net/reader031/viewer/2022021801/5b50352b7f8b9a166e8e043f/html5/thumbnails/10.jpg)
Caller ID Spoofing at SMS Interception Attack
UpdateLocation From ABC• Fake MSC
Fake MSC SMS-C
1
HLR
3
2
4
5
ABC
![Page 11: Invisible threat in SS7 networks – attacks based on caller ... · Invisible threat in SS7 networks – attacks based on caller ID spoofing ptsecurity.com. About Positive Technologies](https://reader031.vdocuments.net/reader031/viewer/2022021801/5b50352b7f8b9a166e8e043f/html5/thumbnails/11.jpg)
PKI in SS7 Networks: Encryption
SS7 Message• Calling Address• Encrypted payload
2
3
4
CertificationCentre
1Private Key Initiation
Public Key Request
Public Key
![Page 12: Invisible threat in SS7 networks – attacks based on caller ... · Invisible threat in SS7 networks – attacks based on caller ID spoofing ptsecurity.com. About Positive Technologies](https://reader031.vdocuments.net/reader031/viewer/2022021801/5b50352b7f8b9a166e8e043f/html5/thumbnails/12.jpg)
Thank you!
ptsecurity.com