Page 86 - Cyber Defense eMagazine December 2023
P. 86
Understanding mobile signaling
Mobile signaling can be aptly described as the "traffic controller" of telecommunications networks. It's the
underlying mechanism that manages and directs the flow of data, ensuring that calls, messages, and
other forms of communication reach their intended destinations. Signaling protocols are responsible for
the entire lifecycle of these communication sessions, from their initiation and the transfer of data to their
eventual termination. This intricate system not only facilitates communication within a single network but
also interconnects telecom infrastructures of countries globally, sometimes referred to as the interconnect
environment.
One of the most pivotal protocols in mobile signaling is Signaling System 7 (SS7). For decades, SS7 has
been the cornerstone of global communication, enabling functionalities like call setups, SMS routing,
mobile roaming, and number portability. Designed in the 1970s, SS7 was conceived as a closed network,
built on mutual trust among all its participants. This design, which once was its strength, has been
exposed as inherently vulnerable as cyber threats have evolved. Yet, the adoption of adequate measures
to protect signaling interfaces has been slow to materialize, due on the one hand to a lack of capability
to detect such threats on the part of mobile operators, and on the other to a prevailing focus on IT-based
security threats. This has led cyber policymakers and practitioners to overlook mobile signaling. As we
progress into an era of exponentially heightened digital connectivity, understanding signaling
vulnerabilities and their implications, and the role of signaling security as a pillar of cyber resilience,
becomes ever more critical.
The neglect of mobile signaling security
As the digital threat landscape has evolved, the focus of cybersecurity has predominantly shifted toward
IT security, often sidelining the unique challenges posed by mobile signaling. This trend was notably
highlighted by entities like the European Union Agency for Cybersecurity (ENISA), which emphasized
the disparity in definitions and understandings of "cyberspace" across industries. Such disparities have
inadvertently led to a concentration on internet-borne threats, leaving mobile signaling, with its distinct
technicalities and vulnerabilities, in the shadows.
This oversight is further exacerbated by the specialized nature of signaling, which requires its own sets
of expertise, tools, and systems. Historically, signaling experts have been more engrossed in managing
network operations and troubleshooting performance issues rather than proactive threat hunting. This
has resulted in a significant gap in many operators' Security Operations Centers (SOCs) and national
cybersecurity frameworks, creating a blind spot that threat actors can readily exploit.
The inadequacy of too basic 'baseline' security measures
The vulnerabilities inherent in mobile signaling came to the forefront of industry attention in 2014 when
the security of SS7 was publicly questioned, both due to geopolitical events and research revelations.
These investigations showcased how the protocol could be manipulated by threat actors to track user
Cyber Defense eMagazine – December 2023 Edition 86
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
