SS7, otherwise known as Signaling System 7, is a set of telephony signaling protocols introduced in the 1970s. By the 1980s, these protocols were standardized to ensure seamless communication between PSTNs or public switched telephone networks. The introduction of the technology represents a shift from in-band signaling to out-of-band signaling.
Referred to as CCSS7 in the US (Common Channel Signaling System 7), the legacy technology is still important to this day. Specifically, the SS7 network interface is used in underdeveloped countries that rely on 2G and 3 G technology for telephone calls. Furthermore, we use it for services such as short message service (SMS), call setups, number translation, prepaid billing mechanisms, and more.
Despite being such an integral solution, SS7 suffers from numerous flaws. It lacks the encryption and authentication that modern mobile services provide. There's also a risk of telephone user impersonation and exposure of signaling messages.
In this article, we'll take a deep dive into the technology and examine how the Titan.ium solution helps address some of the inherent vulnerabilities of SS7.
Signaling System 7 relies on a layered architecture with key components such as signaling points, signaling links, and protocol stack layers. As mentioned, the technology serves to transport messages, perform number translation, set up calls, provide prepaid billing mechanisms, and enable international roaming.
When it comes to protocol layers, SS7 consists of transaction capabilities application part (TCAP), mobile application part/ISDN user part (MAP/ISUP), signaling connection control part (SCCP), and message transfer part (MTP).
TCAP helps by correcting errors, adding routing information, and invoking advanced network functionality. MTP is used as a link, physical, and network layer to streamline message transfer. TCAP is used for several purposes, such as number portability and other database queries. Lastly, we have MAP/ISUP, which is a vital technology for call setup.
Unfortunately, many operators are struggling to switch to newer protocols such as HTTP/2 and Diameter. Specifically, there are numerous operational, technical, and economic challenges that prevent the upgrade. For example, migration is too expensive for some operators, or they might struggle with interoperability requirements.
Due to the obsolete technology, SS7 networks are often a target of hackers via location tracking, call interception, and SMS hijacking. This occurs because SS7 uses a trust-based security model, instead of zero-trust technology that many modern systems use. Once an attacker gains access, they can manipulate traffic and impersonate signaling nodes.
As a result, SS7 is subject to various telecom fraud, including robocalling, IRSF, bypass fraud, and Wangiri. Some of these tactics, such as robocalling, can be very dangerous for common users as they allow attackers to steal personal info, install malware, and make payments. Other tactics, like bypass fraud, can be used to cut operators' revenues.
GSMA, a non-profit organization that assists mobile operators across the world, has issued guidelines that should help minimize some of these issues. According to these guidelines, providers should use filtering for MAP messages, configure edge nodes and firewalls to block suspicious traffic within mobile networks, and introduce screening policies. Operators are also encouraged to increase their risk sensitivity and introduce complex filtering and monitoring tactics.
It is worth noting that SS7 solutions are not used by themselves. Instead, they are a part of a broader multi-protocol world that includes SIP and Diameter technology. A large, interconnected environment gives the attacker much more surface to exploit. Furthermore, each one of these technologies comes with its own inherent risks.
For example, common issues with Diamater are poor peer validation and misconfigured encryption. As for SIP, it struggles with message tampering and a lack of authentication. An IP-based protocol vulnerability coupled with legacy system issues leads to the creation of new types of threats.
Perhaps the biggest issue relates to how different technology handles encryption. In many cases, telephone networks don't even enforce encryption within an integrated services digital network. Virtualization is another issue, as it makes later movement easier for hackers. We have to mention remote exploitation, which is common for global networks.
The only way to address these issues is by introducing a complex, customized security system that would patch all of these vulnerabilities and ensure smooth mobile communication. Ideally, you should use a centralized system for monitoring and analysis that will handle various network elements. Your threat intelligence should work on all levels, detecting attacks that go through different protocols.
Titan.ium's SS7 solution provides numerous benefits for complex network security:
The thing that separates Titanium's SFW, or Signaling Firewall, is the fact that it facilitates multi-protocol security. It supports SIP, Diameter, and SS7 technology in a single solution, checking every message that comes into the network. Our technology gives you a high degree of flexibility, while also introducing real-time protection, vital for modern cybersecurity.
With its cross-protocol parameter checking, operators can easily detect multi-prolonged attacks. The advanced intelligent network application closes gaps between protocols while ensuring full authenticity and consistency. Our solution implements cross-protocol methodology through parameter consistency validation, session tracking, behavioral correlation, and dialog and transaction correlation.
Titan. It also ensures a high degree of deployment flexibility compared to other modern solutions. SFW allows you to choose between inline, overlay, and integrated mode. Furthermore, you can even go with a hybrid mode that combines the best of these options.
If you want to get the most out of Titan.ium technology, we recommend service chaining with our other solutions. That way, you can dynamically link multiple network functions into a single, intuitive yet stable workflow.
Post-processing fraud systems (FMS) are becoming more and more ineffective for modern telecommunications networks. The biggest problem with this technology is that it's reactive and doesn't get enough insight into real-time threats, which is a recipe for disaster.
On the other hand, real-time solutions are much better for detecting every mobile device that enters a network. As such, they help organizations with their operational goals, such as increasing revenues, reducing churn, and enhancing efficiency.
An interesting thing about our product is that it is both reactive and proactive. The reactive parts allow for a high degree of adaptability when there's something amiss, while proactive solutions prevent access in advance. Our product allows for the immediate deployment of new rules to handle zero-day threats.
Using flexible deployment models is vital for the SS7 protocol, as it ensures fast and efficient threat detection and mitigation. Titan.ium offers several options, including overlay firewall, inline model, and integrated model. To choose the right solution, you have to consider real-time blocking, analytics depth, deployment complexity, and optimal use cases.
As with any other digital solution, you must look for minimal disruption to existing routing. In that sense, overlay mode stands out as the best option as it has no impact on signaling flow and routing tables. On the other hand, the inline front model is the worst as it reroutes external traffic through the firewall.
Another major consideration is collocation with STP (signal transfer point), DSC (diameter signaling controller), and SIP elements. To do so effectively, you'll have to use shared analytics and logins, synchronize rules, monitor memory and CPU, and perform a few other best practices.
There are a lot of SS7 variants depending on the country where you live. For example, ITU-T is standardized internationally, and you can find it just about anywhere. ANSI is common in North America, while TTC is common in Japan. We also have Brazil SS7 and China SS7, two other common local variants.
Although there are many more advanced technologies than SS7, this solution remains relevant for operators across the globe. Our task is to adapt to new challenges by implementing flexible threat security into our workflow.
With Titan.ium, your company finally has a response to a wide variety of new threats. With its configurable architecture, you can answer just about any attack that would interfere with your daily operations. Our platform allows you to slowly migrate to newer protocols without exposing yourself to common vulnerabilities. As such, it protects both network integrity and subscriber trust
SS7 allows us to perform a wide variety of operations, including message transfer, call setup, and prepaid billing. With Titan.ium, you can protect all your protocols in real-time, ensuring that hackers can't interfere with your operations. We encourage our readers to learn more about the solution as it can make a difference for their online security.