The Signalling System No. 7 (SS7) is used in GSM/UMTS telecommunication technologies for signalling and management of communication. It was designed on the concept of private boundary walled technology having mutual trust between few national/multinational operators with no inherent security controls in 1970s. Deregulation, expansion, and merger of telecommunication technology with data networks have vanquished the concept of boundary walls hence increasing the number of service providers, entry points, and interfaces to the SS7 network, which made it vulnerable to serious attacks. The SS7 exploits can be used by attackers to intercept messages, track a subscriber's location, tape/redirect calls, adversely affect disaster relief operations, drain funds of individuals from banks in combination with other methods and send billions of spam messages. This paper provides a comprehensive review of the SS7 attacks with detailed methods to execute attacks, methods to enter the SS7 core network, and recommends safeguards against the SS7 attacks. It also provides a machine learning based framework to detect anomalies in the SS7 network which is compared with rule based filtering. It further presents a conceptual model for the defense of network.
~
ULLAH, Kaleem, RASHID, Imran, AFZAL, Hammad, IQBAL, Mian Muhammad Waseem, BANGASH, Yawar Abbas and ABBAS, Haider, 2020. SS7 Vulnerabilities—A Survey and Implementation of Machine Learning vs Rule Based Filtering for Detection of SS7 Network Attacks. IEEE Communications Surveys & Tutorials. 2020. Vol. 22, no. 2, p. 1337–1371. DOI 10.1109/COMST.2020.2971757.
The SS7 is used to provide mobility management, control billing information, generate user security information, support call establishment/termination and control access/service authorization [3], [4], [5]. The SS7 network was designed in 1970s when few national/multinational telecommunication operators used to provide telecommunication services. These national/ multinational operators had access to core network [1], [2]. In this backdrop, no inherent security controls were incorporated in the SS7 core network, and it was designed on the basis of mutual trust between operators [6]. It was assumed that all operators, being national/multinational corporations, can be trusted thus assuming the SS7 network as a closed trusted network [7], [8].