The International Telecommunication Union (ITU) was pleased to invite you to the live webinar "Addressing SS7 Vulnerabilities affecting Digital Financial Services", which took place on 18 February 2025 from 14:00 - 15:00 CET via Zoom.
The world of digital financial services (DFS) relies heavily on the underlying telecommunications infrastructure for users to perform financial transactions. In many developing countries where DFS is popular, most end users do not have reliable and accessible means to connect to the Internet and thus rely heavily on legacy mobile communications infrastructure (GSM 2G), which is based on SS7. The channels through which the end user communicates with the DFS provider are mostly Unstructured Supplementary Service Data (USSD) and Short Messaging Service (SMS). USSD and SMS have long been known as “broken” and have many published vulnerabilities, some over 20 years old, which enable attackers to commit fraud and steal funds. Cybercriminals can target both individual users and critical services such as DFS by exploiting vulnerabilities in SS7, resulting in significant financial and reputational damage to operators and subscribers.
In this live webinar, the discussion focused on exploring SS7 security vulnerabilities in the DFS sector and sharing effective mitigation strategies, including the adoption of security standards to protect DFS and telco providers against fraudulent activities and the breaches that result from these vulnerabilities.
Furthermore, the webinar explored the DFS Security Recommendations to mitigate SS7 risks and the ongoing standardization work in ITU-T Study Group 11 to address these challenges. This includes the latest technical standards and best practices for securing SS7 networks and services. More details are available at: https://itu.int/go/SIG-SECURITY.
The webinar delved into specific DFS recommendations to mitigate SS7 vulnerabilities, including fostering regulatory coordination between DFS and telco, incentivizing industry countermeasures, and promoting education on SS7 risks for regulators; securing network traffic with robust encryption, implementing SMS firewalls, and protecting sensitive data for telcos; and utilizing session timeouts, enforcing transaction limits for insecure channels, educating users, and deploying strong authentication methods like bidirectional OTPs to combat social engineering and USSD interception for DFS providers.
To facilitate collaborative discussions with regulators, DFS providers and telco providers, and contribute to the ongoing development of DFS security best practices before and after the webinar, participants are encouraged to join the ITU DFS security knowledge-sharing platforms on Slack and GitBook.
Attendees gained insights into:
- How SS7 vulnerabilities compromise digital financial systems.
- Proactive measures that can be taken by Telcos, DFS providers, and regulators to secure networks and services based on the ITU DFS security recommendations.
- ITU-T Study Group 11 related work to develop standards to protect against attacks on SS7 networks.
- The importance of international cooperation and adopting security standards and best practices to mitigate SS7 vulnerabilities.
Target Audience
This webinar was intended for professionals in telecommunications, financial services, fintech, cybersecurity, and regulatory bodies who were directly involved in or impacted by DFS security.
Panelists:
Standardization Bureau, ITU Moderator