Threat Category: Carrier Interoperability
ID: CEL-37
Threat Description: Leveraging network weaknesses to monitor or forward phone calls or SMS texts to unintended locations.
Threat Origin
SCTPscan - Finding Entry Points to SS7 Networks & Telecommunication Backbones 1
GSM Sniffing 2
Toward the HLR: Attacking the SS7 & SIGTRAN Applications 3
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
SS7 Firewalls may be deployed throughout the network. See Securing SS7 Telecommunications Networks 4
References
P. Langlois, SCTPscan - Finding Entry Points to SS7 Networks & Telecommunication Backbones, presented at Blackhat EU, 29 Mar. 2007; www.blackhat.com/presentations/bh-europe-07/Langlois/Presentation/bh-eu-07-langlois-ppt-apr19.pdf [accessed 8/23/2016] ↩
K. Nohl, GSM Sniffing, 27th Chaos Communication Congress, Dec. 2010; https://events.ccc.de/congress/2010/Fahrplan/attachments/1783_101228.27C3.GSM-Sniffing.Nohl_Munaut.pdf [accessed 8/23/2016] ↩
P. Langlois, Toward the HLR: Attacking the SS7 & SIGTRAN Applications, presented at H2HC, Dec. 2009; www.h2hc.org.br/repositorio/2009/files/Philippe.en.pdf [accessed 8/23/2016] ↩
G. Lorenz et al., “Securing SS7 Telecommunications Networks”, in Workshop on Information Assurance and Security vol. 2, 2001; https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.480.2222&rep=rep1&type=pdf [accessed 8/1/2022] ↩