Page 15 - Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions
7 MISCONCEPTION: IS IT NOT HARD TO ATTACK THE TELCO? GOVERNMENTS DO THAT [6]

This misconception is common among CISOs and cyber security officers in enterprises today. The barriers for entry have dropped significantly, and today, every hacker with ~$500 to spare can exploit cellular vulnerabilities.

For example: using a home-brewed cellular off-the-air Man-In-The-Middle (MITM) system, an attacker can intercept cellular communications in their proximity. Since the encryption can be cracked, all of the calls, SMS and HTTP traffic from/to the intercepted device can be decrypted. Today, creating a basic MITM system like the one below in figure 4 requires ~$600 worth of hardware that can be purchased on eBay and open-source software from the internet, nothing more.

FIGURE 4: A rudimentary MITM interception system based on commercial HW and open-source SW

Another example to show the relative ease of performing cellular attacks is SS7 network access. The SS7 network used to be considered a "walled-garden" which could only be accessed by licensed mobile operators. Today, with the spread of bulk-SMS providers, Internet of Things (IoT) and location-based services, other non-licensed entities have gained access to the SS7 network. Consequently, more businesses and individuals with direct access to the network and intermediaries are selling their access on the dark web. For $150–$2500, a hacker can gain unauthorized access to the SS7 network and exploit cellular vulnerabilities without requiring any infrastructure at all.

FIGURE 5: A dark web site selling SS7 access