SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
2G and 3G networks are 'open doors' for cyber attacks
Wed, 19th Feb 2020
FYI, this story is more than a year old

2G and 3G networks could be putting the public at risk, according to research released today by Positive Technologies.

Due to vulnerabilities in the SS7 protocol, 2G - 3G networks are opening the door for hackers to potentially track a customer's every move, listen in on calls, intercept SMS messages, instigate fraud or even strip them of service.

The research is based on the networks of 28 telecom operators across Europe, Asia, Africa and South America between 2018–2019.

In the study, researchers simulated the actions of a potential intruder to reveal the flaws in the SS7 protocol which is used to receive and distribute signalling messages.

The risks lie in that cybercriminals can potentially buy access to SS7 networks illegally on the dark web, as well as their notoriously flawed architectural security.

“From a customer's point of view, it's scary to think that the vulnerabilities in the network won't mean that you know if your phone has been affected,” says Positive Technologies chief technology officer Dmitry Kurbatov.

“Messages, calls and your location can be tracked without your knowledge.

“Therefore, it's the operators' responsibility to stand guard and have visibility of their networks to be able to identify existing vulnerabilities and develop measures to mitigate the impact of these threats.

Security researchers have warned about SS7 for decades, however, the vulnerabilities have become more severe in recent years, as identified by researchers involved in the study.

The report found that in the last three years, the percentage of vulnerable networks has increased in nearly all threat categories such as information disclosure, location disclosure, interception of calls, fraud and subscriber DoS.

While the security of SS7 had been improving, progress has stalled. Operators have become so distracted by 5G, which promises to bring super high speed and ultra-low latency benefits to customers, that they have neglected the risk of 2G and 3G not being protected, says Positive Technologies.

“Although there are talks amongst mobile operators to retire and shut down their 2G and 3G networks, the GSMA reports that these previous generation networks will still be available to the public over the next five years,” says Kurbatov.

“This means SS7 won't be a thing of the past anytime soon.

“Whilst operators have been hasty in turning their attention away from 2G and 3G, the reality is the newer networks are also built using previous generation networks infrastructure, meaning they are plagued with the same SS7 security issues.

“For example, some 4G features are still dependent on 2G/3G systems, including sending SMS messages and establishing call connections.

“What's shocking is that according to ENISA, only 30% of EU telecom operators have implemented GSMA recommendations,” says Kurbatov.

Kurbatov adds there are several approaches to combat the threats.

“The first step is to make sure the right processes are in place to make ensure operators don't have any blind spots in their mobile networks.

“Only with a comprehensive approach, which includes regular monitoring of any anomalies to detect illegitimate activities and by following GSMA guidelines, can operators ensure a higher level of protection against criminals.

“Operators need to learn from lessons of the past to avoid making the same mistakes with 4G and 5G.