Threat Category: Carrier Interoperability
ID: CEL-38
Threat Description: Tracking of device locations by exploiting network weaknesses.
Threat Origin
SCTPscan - Finding Entry Points to SS7 Networks & Telecommunication Backbones 1
GSM Sniffing 2
Toward the HLR: Attacking the SS7 & SIGTRAN Applications 3
Mobile Self Defense 4
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
SS7 Firewalls may be deployed throughout the network. See Securing SS7 Telecommunications Networks 5
References
P. Langlois, SCTPscan - Finding Entry Points to SS7 Networks & Telecommunication Backbones, presented at Blackhat EU, 29 Mar. 2007; www.blackhat.com/presentations/bh-europe-07/Langlois/Presentation/bh-eu-07-langlois-ppt-apr19.pdf [accessed 8/23/2016] ↩
K. Nohl, GSM Sniffing, 27th Chaos Communication Congress, Dec. 2010; https://events.ccc.de/congress/2010/Fahrplan/attachments/1783_101228.27C3.GSM-Sniffing.Nohl_Munaut.pdf [accessed 8/23/2016] ↩
P. Langlois, Toward the HLR: Attacking the SS7 & SIGTRAN Applications, presented at H2HC, Dec. 2009; www.h2hc.org.br/repositorio/2009/files/Philippe.en.pdf [accessed 8/23/2016] ↩
K. Nohn, Mobile Self-Defense, presented at 31st Chaos Communication Congress, 27 Dec. 2014; https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2493/original/Mobile_Self_Defense-Karsten_Nohl-31C3-v1.pdf [accessed 8/29/2016] ↩
G. Lorenz et al., “Securing SS7 Telecommunications Networks”, in Workshop on Information Assurance and Security vol. 2, 2001; https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.480.2222&rep=rep1&type=pdf [accessed 8/1/2022] ↩