SS7 Firewall: Protection from cell phone fraud
Interview with Christian Wollner, Head of Product Management Mobile World at Deutsche Telekom ICSS
Over the past few years, attacks over the networks of mobile phone subscribers has become more and more frequent. To cope with this problem, ICSS created a special taskforce to come up with a solution. Christian Wollner, Head of Product Management at ICSS, talked with us about the pervasive incidents and explains what ICSS has done to safeguard customers by closing loopholes in the Signaling System #7 (SS7) protocol.
Q: What is SS7 and what does it have to do with mobile phones?
A: SS7 was invented in the 1970’s as a set of protocols to control network elements and allow communication within a network and between them. It was first used in fixed networks by incumbents and then also in mobile networks. In mobile networks it was first used domestically only and then also in roaming. It is what allows users to roam on other networks when travelling, to dial from abroad, send text messages to foreign networks or make calls when on the move as the signal switches between radio cells. As cell phone growth has exponentially grown, so have attacks on the system.
Q: How do criminals attack the system?
As soon as criminals have access to the system they can track the location of SIM cards, i.e. customers, modify their profiles or find out the IMSI. With this information it is possible to apply illegal interception of voice calls and SMS. They are companies who are selling software which can be purchased and used by everybody to perform this mis-use of SS7 and we are facing an increase of this over the past years.
Q: You mentioned that Deutsche Telekom set up a task force to look into the problem. What was the result?
A: The result was our SS7 Firewall, which uses pioneering technology to protect our customers from damage and loss of reputation. At first, we were looking for a quick fix, but then we realized how much more efficient, in terms of time and money, it would be to have one pan-European approach across all the countries where we have a presence. And then we realized that this was a solution we could also offer to other operators and not just use for our internal requirements.
Q: How does the ICSS SS7 Firewall work?
A: The ICSS SS7 Firewall blocks attacks by filtering all content entering the global SS7 network over a Deutsche Telekom signaling transfer point (STP). In addition our firewall is able to filter traffic which arrives via the local STP only as well. Any traffic identified as suspicious or manipulated is not allowed to be returned to the SS7 network and is not sent on to the customer’s mobile network. Our solution additionally offers a graphic user interface for monitoring, reporting and alarming. We know, however, how quickly fraudsters adapt to protection mechanisms, so we are continually working to refine our SS7 Firewall. That’s what makes it truly future-proof.
Q: If criminals keep finding new ways to circumvent protection methods, is it really possible to find a failsafe solution?
A: In order to develop a lasting solution for the entire industry, it will be necessary for other network operators, infrastructure and terminal equipment manufacturers, industry associations and standardization bodies to work closely together. As specialists for security, we at ICSS are committed to this. And, for sure, we will keep the firewall up to date providing the full functionality as recommended by the GSMA and other bodies.