Page 6 - Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions
P. 6

Contents











                         Executive Summary ............................................................7

                         Abbreviations and acronyms ....................................................8
                           1  Introduction ...............................................................9
                           2  Impact of telecom vulnerabilities on DFS  ....................................9
                              2.1  Over the counter cash fraud .............................................9
                              2.2  Account takeover ...................................................... 10
                              2.3  Social engineering ..................................................... 10
                           3  Telecom vulnerabilities and attack surfaces  .................................10
                           4  Common types of telecom attacks  ......................................... 11
                           5  The commonality of telecom attacks  ....................................... 12
                           6  The challenge ............................................................. 12
                           7  Misconception: Isn’t it hard to attack the telco?  Governments do that ......... 13
                           8  The cellular attack kill chain ................................................ 14
                           9  Examples of attacks on DFS infrastructure .................................. 14
                              9.1  SMS OTP interception .................................................. 14
                              9.2  Social engineering of sensitive credentials using USSD .................... 15
                              9.3  Denial of service attacks ............................................... 16
                              9.4  SIM card swap. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
                              9.5  SIM card recycle ....................................................... 16
                          10  Mitigation strategies for mobile operators ................................... 16
                              10.1 FS.11: SS7 Interconnect Security Monitoring Guidelines .................... 16
                              10.2 FS.07: SS7 and SIGTRAN Network Security .............................. 17
                              10.3 IR.82: Security SS7 implementation on SS7 network guidelines ............ 17
                              10.4 IR.88: LTE and EPC roaming guidelines .................................. 17
                              10.5 Mitigations in GSMA: documents vs common telecom attacks ............. 17
                           11  Implementation of mitigation among mobile operators  ...................... 17













           4 • Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions
   1   2   3   4   5   6   7   8   9   10   11