
SS7 Signaling in 4G Mobile Network – National Security Aspects

MCNS has successfully undertaken and delivered a full customer-premises project covering SS7 signaling network aspects related to national security and communications in hostile environments. SS7 (Signaling System No. 7) is an essential signaling protocol originally designed for managing calls and exchanging information in the circuit-switched networks of 2G and 3G.

In 4G LTE networks, SS7 is used in a limited way, primarily to support interoperability with legacy 2G and 3G networks. This legacy signaling protocol, originally developed for circuit-switched networks, is still essential for certain 4G functions, especially when mobile networks interconnect and fall back on legacy services.

Telecom operators use SS7 firewalls to block suspicious requests and monitor signaling traffic, reducing the risk of unauthorized access. These firewalls are configured to prevent attacks while allowing essential signaling traffic for interoperability.

Hence, in the transition to 4G, which is largely based on IP (Internet Protocol), SS7 plays a different and somewhat limited role. In 4G, signaling is primarily handled by IP-based protocols such as Diameter, the successor to SS7 for managing subscriber authentication, policy enforcement, and session management.

Diameter includes enhanced security features, such as AVP (Attribute-Value Pair) authentication, message encryption, and stronger policy enforcement. In LTE, Diameter handles subscriber authentication, authorization, and accounting (AAA) functions, supporting a transition to more secure signaling.

However, SS7 is still used in some key areas, such as:

  • Interworking with Legacy Networks: Many telecom networks are not fully IP-based and continue to use 2G/3G infrastructure for voice calls and SMS services. For these, SS7 is still required for interconnection with legacy networks, especially for SMS and circuit-switched fallback (CSFB) during voice calls.
  • Roaming Support: While Diameter is more common for roaming in 4G, SS7 remains used in some networks for global roaming, particularly when 4G devices connect to 2G or 3G networks while roaming.
  • Fallback to Circuit-Switched Services: In networks where Voice over LTE (VoLTE) is unavailable, SS7 facilitates fallback to circuit-switched calls on 2G/3G networks.

Source: NTT Docomo Technical Journal

SS7 was developed at a time when the telecommunications landscape was less security-conscious, making it vulnerable to several attacks, such as:

  • Eavesdropping: Attackers can intercept signaling messages to listen in on voice calls or intercept SMS messages, which can expose sensitive information like one-time passwords (OTPs) used for two-factor authentication.
  • Location Tracking: By exploiting SS7, attackers can track a subscriber’s location based on the cell towers they connect to, which poses a significant privacy risk.
  • SMS Interception: Attackers can intercept SMS messages, which are commonly used for OTPs, and facilitate account takeover or fraudulent transactions.
  • Denial of Service (DoS): Attackers can use SS7 commands to force devices to disconnect from the network or redirect calls, impacting service availability.

The MCNS project consultancy covered the implementation of SS7 signaling and its evolution to 4G for network security and civilian/military applications.

Deliverables

Our project deliverables and proposals were fully aligned with ITU and 3GPP standards for SS7 in the core. In response to network deployment and security vulnerabilities, MCNS discussed SS7 functionality since 2G/3G and its evolution to 4G, with the necessary security considerations and remedies.

Among other measures, the opportunity to use the following was discussed:

  • Firewalls and Intrusion Detection Systems: SS7 firewalls help filter and validate signaling messages to prevent unauthorized access and attacks.
  • Two-Factor Authentication Alternatives: Encouraging the use of app-based OTP generators or push notifications as an alternative to SMS-based OTPs for secure authentication.
  • Enhanced Diameter Protocol in 4G: 4G uses the Diameter protocol, which offers better security features than SS7, such as authentication, authorization, and encryption capabilities, although interoperability with SS7 can still create vulnerabilities.
  • Subscriber Awareness and Reporting: Many operators actively inform users about potential security threats and offer reporting mechanisms for suspicious activity.
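
The filtering that an SS7 firewall performs on interconnect traffic can be sketched as follows. This is an added example, not MCNS or operator code: the global-title prefixes, IMSI prefix and policy grouping are constructed assumptions, and only the MAP operation names are real.

```python
from dataclasses import dataclass

# Constructed values for illustration; a real firewall loads these from the
# operator's own numbering plan and roaming agreements.
HOME_GT_PREFIXES = ("99900",)              # home-network global titles
PARTNER_GT_PREFIXES = ("99811", "99722")   # roaming-partner global titles
HOME_IMSI_PREFIX = "99901"                 # home MCC+MNC

# Assumed policy groups (the operation names are real, the grouping is ours).
INTERNAL_ONLY = {"anyTimeInterrogation", "sendRoutingInfo"}
HOME_ONLY_FOR_OWN_SUBS = {"provideSubscriberInfo", "insertSubscriberData",
                          "cancelLocation"}
ROAMING_ESSENTIAL = {"updateLocation", "sendAuthenticationInfo"}


@dataclass(frozen=True)
class MapMessage:
    operation: str    # MAP operation name
    calling_gt: str   # SCCP calling-party global title (digits)
    imsi: str         # subscriber the message targets


def decide(msg: MapMessage) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'allow', 'block' or 'alert'."""
    if msg.calling_gt.startswith(HOME_GT_PREFIXES):
        return "allow", "originates from a home network element"
    # Location queries have no legitimate use across the interconnect.
    if msg.operation in INTERNAL_ONLY:
        return "block", "internal-only operation received over interconnect"
    # Only the home register may modify or cancel a home subscriber's profile.
    own_sub = msg.imsi.startswith(HOME_IMSI_PREFIX)
    if msg.operation in HOME_ONLY_FOR_OWN_SUBS and own_sub:
        return "block", "foreign node acting as home register for own subscriber"
    # Essential roaming traffic is allowed only from agreed partners.
    from_partner = msg.calling_gt.startswith(PARTNER_GT_PREFIXES)
    if msg.operation in ROAMING_ESSENTIAL and from_partner:
        return "allow", "roaming procedure from an agreed partner"
    return "alert", "no rule matched; pass to monitoring for review"


if __name__ == "__main__":
    for m in (MapMessage("anyTimeInterrogation", "99811000001", "999010000000001"),
              MapMessage("updateLocation", "99811000001", "999010000000001")):
        print(m.operation, *decide(m))
```

The calling global title can be spoofed, so a prefix check like this is only the first layer; the "alert" verdict feeds the monitoring side described above.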

For further information about the affiliated company, see:

https://www.rma.ac.be/en