Concern Mounts for SS7, Diameter Vulnerability

The same security flaws that cursed the older SS7 standard and were used with 3G, 2G and earlier are prevalent in the Diameter protocol used with today’s 4G (LTE) telephony and data transfer standard, according to researchers at Positive Technologies and the European Union Agency For Network and Information Security (ENISA).

Network security is built on trust between operators and IPX providers, and the Diameter protocol that replaced SS7 was supposed to be an improved network signaling protocol. But when 4G operators misconfigure the Diameter protocol, the same types of vulnerabilities still exist.

“As society continues to leverage mobile data capabilities more and more heavily, from individual users performing more tasks directly on their smartphones, to IoT devices which use it when regular network connections are not available (or not possible), service providers need to take the security of this important communications channel more seriously,” said Sean Newman, director of product management for Corero Network Security.

Given that the Diameter protocols are slated to be used in 5G, reports of critical security capabilities not being enabled in the Diameter protocol used for 4G mobile networks are worrisome. Of particular concern is the potential that misconfigurations that lead to the vulnerability could result in distributed denial of service (DDoS) attacks for critical infrastructure relying on mobile access. An attacker would not need to harness any large-scale distributed attack capabilities.

“The latest generation of denial of service protection solutions are critical for any organization that relies on always-on internet availability, but this can only be effective if service providers are ensuring the connectivity itself is always-on,” Newman said.

Concerns over the threats from smartphones have even been presented to Congress with pleas that they should act immediately to protect the nation from cybersecurity threats in SS7 and Diameter.

“SS7 and Diameter were designed without adequate authentication safeguards. As a result, attackers can mimic legitimate roaming activity to intercept calls and text messages, and can imitate requests from a carrier to locate a mobile device. Unlike cell-site simulator attacks, SS7 and Diameter attacks do not require any physical proximity to a victim,” wrote Jonathan Mayer, assistant professor of computer science and public affairs, Princeton University, in his testimony before the Committee on Science, Space, and Technology of 27 June.