Attacks to mobile networks using SS7 vulnerabilities: a real traffic analysis

The SS7 (Signaling System no\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$^o$$\end{document} 7) protocol stack is still in use today to interconnect networks from different mobile telecommunication providers. These protocols were proposed in the 80 s, taking into account mutual trust relationships between participants. With the success of IP communications and the growth in the number of carriers, mobile networks have become exposed to many SS7 attacks. In this paper, we discuss important threats to SS7 networks as well as the main countermeasures. We also analyze a dataset obtained from a major telecommunication provider in Brazil. From this dataset, we observe that thousands of threats are triggered daily, that the main attacks are proportional along the time, that attacks are concentrated on a subset of attack sources as well as on a subset of victims, and that attack orchestration is possible but still not clear. These findings justify all the concerns regarding SS7 vulnerabilities and encourage new proposals towards attack mitigation.