Endnotes







           1.  A diagram of the SS7 protocol stack can be found in Annex A
           2.  A diagram of the Diameter protocol stack can be found in Annex A
           3.  ENISA research  result  can be found  at: https://www.enisa.europa.eu/publications/signalling-security-in-
             telecom-ss7-diameter-5g/at_download/fullReport.
           4.  Reference: https://www.gsma.com/newsroom/gsmadocuments/technical-documents/
           5.  A fact derived from recent audits performed on more than two dozen cellular networks by Vaulto.
           6.  In 2010, Dunkelman, Keller and Shamir published a new attack that allows an adversary to recover a full A5/3
             key by related-key attack. The time and space complexities of the attack are low enough that the authors
             carried out the attack in two hours on an Intel Core 2 Duo desktop computer even using the optimized ref-
             erence KASUMI implementation.
           7.  Update Location—an SS7 operation causing the victim’s home network to believe they have roamed to
             another network
           8.  Visitor Location Register
           9.  https://mwnation.com/be-alert-mobile-money-fraudsters-on-the-loose/
           10. SMS home routing prevents the real IMSI of a subscriber to be sent in every inbound SMS signalling, however
             with other types of signalling attacks the IMSI can be extracted from the HLR of the telco.
           11.  Filtering on signalling nodes prevents, in theory, access from unverified addresses. However, this filtering is
             only effective if configured correctly and maintained properly.
           12. SecureOTP - OTP SMS send bi-directional and secured from interception
           13. Nigerian Communications Commission (2017) Guidelines on SIM Replacement, available at https://www.ncc.
             gov.ng/docman-main/legal-regulatory/guidelines/733-guidelines-on-sim-replacement/file
           14. Nigerian Communications Commission (2017) Guidelines on SIM Replacement, available at https://www.ncc.
             gov.ng/docman-main/legal-regulatory/guidelines/733-guidelines-on-sim-replacement/file
           15. Nigerian Communications Commission (2017) Guidelines on SIM Replacement, available at https://www.ncc.
             gov.ng/docman-main/legal-regulatory/guidelines/733-guidelines-on-sim-replacement/file
           16. These may be a result of SIM swap guidelines issued by a regulator.



































                                           Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions • 31