CEL-37 · Mobile Threat Catalogue

Mobile Threat Catalogue

Exploiting SS7 to monitor or redirect phone calls or text messages

Contribute

Threat Category: Carrier Interoperability

ID: CEL-37

Threat Description:

Threat Origin

SCTPscan - Finding Entry Points to SS7 Networks & Telecommunication Backbones 1

GSM Sniffing 2

Toward the HLR: Attacking the SS7 & SIGTRAN Applications 3

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures

Mobile Network Operator

SS7 Firewalls may be deployed throughout the network. See Securing SS7 Telecommunications Networks 4

References

  1. P. Langlois, SCTPscan - Finding Entry Points to SS7 Networks & Telecommunication Backbones, presented at Blackhat EU, 29 Mar. 2007; www.blackhat.com/presentations/bh-europe-07/Langlois/Presentation/bh-eu-07-langlois-ppt-apr19.pdf [accessed 8/23/2016] 

  2. K. Nohl, GSM Sniffing, 27th Chaos Communication Congress, Dec. 2010; https://events.ccc.de/congress/2010/Fahrplan/attachments/1783_101228.27C3.GSM-Sniffing.Nohl_Munaut.pdf [accessed 8/23/2016] 

  3. P. Langlois, Toward the HLR: Attacking the SS7 & SIGTRAN Applications, presented at H2HC, Dec. 2009; www.h2hc.org.br/repositorio/2009/files/Philippe.en.pdf [accessed 8/23/2016] 

  4. G. Lorenz et al., “Securing SS7 Telecommunications Networks”, in Workshop on Information Assurance and Security vol. 2, 2001.