Attacks to mobile networks using SS7 vulnerabilities: a real traffic analysis

• Published in: Telecommunication systems Vol. 83; no. 3; pp. 253 - 265
• Main Authors: de Carvalho Macedo, Luiza Odete H., Campista, Miguel Elias M.
• Format: Journal Article
• Language: English
• Published: New York Springer US 01.07.2023; Springer Nature B.V
• Subjects: Artificial Intelligence; Business and Management; Computer Communication Networks; Datasets; Interconnect; IT in Business; Mobile commerce; Network security; Network switching; Networks; Probability Theory and Stochastic Processes; Protocol; Signalling systems; Telecommunications systems; Traffic analysis; Real dataset analysis; SS7 vulnerabilities; Mobile communications; Legacy mobile networks; SS7 attack characterization
• ISSN: 1018-4864; 1572-9451
• DOI: 10.1007/s11235-023-01018-0

The SS7 (Signaling System n o 7) protocol stack is still in use today to interconnect networks from different mobile telecommunication providers. These protocols were proposed in the 80 s, taking into account mutual trust relationships between participants. With the success of IP communications and the growth in the number of carriers, mobile networks have become exposed to many SS7 attacks. In this paper, we discuss important threats to SS7 networks as well as the main countermeasures. We also analyze a dataset obtained from a major telecommunication provider in Brazil. From this dataset, we observe that thousands of threats are triggered daily, that the main attacks are proportional along the time, that attacks are concentrated on a subset of attack sources as well as on a subset of victims, and that attack orchestration is possible but still not clear. These findings justify all the concerns regarding SS7 vulnerabilities and encourage new proposals towards attack mitigation.