BANK ACCOUNT HACK AND SS7 EXPLOITS GET REAL - Mavenir

Blog

BANK ACCOUNT HACK AND SS7 EXPLOITS GET REAL

25 May 2017

AUTHORED BY: Maryvonne Tubb

Hackers have finally found a way to get into consumers’ pockets by exploiting the SS7 network and stealing two-factor authentication (2FA) SMS codes to empty people’s bank accounts.

Engineers spoke out with a warning to possible risks of the security of Signaling System Number Seven, or SS7 as far back as 2008. This widely-used protocol, that allows networks to interconnect and exchange data has loopholes, that, if left unprotected, can be wide open to the unrelenting hacks of cyber-criminals including listening in on conversations, monitoring messages, hijacking subscriber locations and stealing money!

Back in 2014, when German researchers first publicly reported that SS7 was vulnerable to exploitation and that it had been used for surveillance purposes, this was a more abstract problem that only seemed to affect those who were on government security watch lists, but now the threat is close to us all.

MAVENIR LEADERS – MARK WINDLE AND ILIA ABRAMOV SHARED THE FOLLOWING INSIGHTS WITH THE MEDIA:

1. SS7 is Vulnerable: What Next?

Mark Windle, Director at Mavenir, commented to CyberScoop that, “This latest attack serves as a warning to the mobile community about what is at stake if these loopholes aren’t closed, and provides a rallying-cry to mobile carriers to act fast and work with vendors to protect their customers and their networks.”

Windle also told eSecurity Planet’s Jeff Goldman, “Operators are already collaborating to better understand the ways in which vulnerabilities can be exploited, and mitigate them.” This critical collaboration must be done rapidly and in an organized manner, because legacy SS7 technology will be replaced by Diameter or SIP in the next ten years.”

And that, “Furthermore, as long as there is national and international interconnect access, the window for hacking will still be there. In the meantime, by continuing to address security flaws in signaling protocols by using an optimal, multi-layer solution, operators can increase subscriber trust levels, decrease churn rates and, most importantly, protect mobile devices.” Windle expanded on his commentary in a byline for Wireless Week entitled, “SS7 Vulnerability Allows Hackers to Drain Bank Accounts – What Next?

2. What Should CSPs Do?

Ilia Abramov, Mavenir Product Director, advised Help Net Security that “CSPs and those involved in authentication should increase their investment in this security method by upgrading existing systems with further measures.”

He continued, “If mobile operators want to defend their role in enterprise Application to Person (A2P) communications, it is imperative that action is taken now to secure the SMS channel, (and the network more generally) before lucrative A2P messaging is put at risk.”

For CSPs looking to take precautions against SS7 hacks, Abramov recommends a dual-step approach: first, installing a signaling firewall as a first step and conducting regular audits to analyze networks for gaps. The second step is the key to defending against a dynamic threat landscape.

For more information on how to protect networks and customers’ information, read more about our solutions here.

Maryvonne Tubb
Maryvonne TubbClick for Bio
SVP, Global Marketing & Corporate Communications

Maryvonne leads the Global Marketing and Corporate Communications teams at Mavenir. In this role, she focuses on positioning the company as a disruptive Network Software Provider in the evolving telecoms/enterprise landscape. Under Corporate Communications, she leads Government Relations & Investor Relations. She started with Mavenir in 2008 with prior stints as Vice President of Marketing & Investor Relations. Her career includes marketing leadership roles at numerous other telecom/technology companies, including Nortel, Cisco, Mitel and Newbridge.

Related Content

Mavenir extends AI and Analytics Portfolio to enable closed-loop automation and drive digital transformation critical for 5G AI use cases.

Read more >

A zero trust architecture (ZTA) is a cybersecurity architecture that is based on zero trust principles and designed to prevent data breaches and limit internal lateral movement. Support of a zero-trust architecture requires each O-RAN component to comply with established functionalities and protections. O-RAN Alliance [6] has identified several guiding principles.

Read more >

While legacy vendors see the growing momentum for OpenRAN and feel the need to use scare tactics to protect their market position, the facts are clear: OpenRAN means more security, not less.

Read more >

View All

Mavenir extends AI and Analytics Portfolio to enable closed-loop automation and drive digital transformation critical for 5G AI use cases.

Read more >

ENABLING NEW BUSINESS MODELS WITH NETWORK SLICING New Delhi, India – October 16, 2019 – Mavenir, the industry’s only end-to-end cloud-native 4G and 5G network software provider for CSPs was...

Read more >

AI/ML-BASED SOLUTION, COUPLED WITH ANTI-SPAM ALREADY LAUNCHED, PROVIDES PROTECTION AND IMPROVED SERVICE FOR ARGENTINA MOVISTAR CUSTOMERS. RICHARDSON, TX, October 2, 2019 – Mavenir, a leader in accelerating software network transformation and...

Read more >

View All

MAVENIR FINALIZES THE PURCHASE OF ARGYLE DATA Mavenir announced it completed its acquisition of computer security services company Argyle Data in a move to enhance its machine learning...

Read more >

Mavenir is introducing a new “white box” element that it says will enable operators to offload traffic at the very edge of the network and to host virtualized functions...

Read more >

Someone impersonating you to an AT&T or Verizon employee isn’t the only thing you need to worry about. Meet Signaling System 7, a hacker’s best friend. Last spring,...

Read more >

View All

A zero trust architecture (ZTA) is a cybersecurity architecture that is based on zero trust principles and designed to prevent data breaches and limit internal lateral movement. Support of a zero-trust architecture requires each O-RAN component to comply with established functionalities and protections. O-RAN Alliance [6] has identified several guiding principles.

Read more >

While legacy vendors see the growing momentum for OpenRAN and feel the need to use scare tactics to protect their market position, the facts are clear: OpenRAN means more security, not less.

Read more >

Mavenir is proud to be recognized as a winner in the Security category of this year’s Fierce Innovation Awards – Telecom Edition for its innovative, industry-leading Security and Fraud Management Suite.  The Fierce Innovation Awards Telecom Edition 2019 Report highlights those showcasing advances in service and equipment developments unveiled during the past 12 months.

Read more >

View All

Join Mavenir's John Baker, SVP of Business Development, at CableLabs Envision Vendor Forum 2021: Mobile and Convergence on April 21st, 2021.

Read more >

Open standards, open platforms and open source for cloud native 5G': This talk discusses the benefits and challenges for operators as they migrate towards “open” eco-systems for multi-vendor cloud-native 5G deployments.

Read more >

Join Mavenir's Susie Riley, GM, Monetization Business Unit, for the Transforming Customer Engagement for a New World with Business Messaging Webinar on April 22, 2021.

Read more >

View All

Need More Information?

Building the future of networks with cloud-native software that runs on any cloud and transforms the way the world connects.