Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2017/

<< previous next >>

Sophisticated SS7 Attacks - How to Intercept an SMS Message While Staying Stealthy

Sergey Puzankov

2 vote(s)

We continuously investigate the SS7 security for years. We both play an attacker role trying to penetrate mobile networks and look at what real hackers come up with.

As we can see, most mobile operators defend their SS7 perimeter by reconfiguring network equipment and implementing SMS Home Routing solutions. This is the right way to withstand basic SS7 attacks, but it is not enough to protect the network. Our research and security audit practice proves that there are possibilities to perform SS7 attacks that bypass this kind of security mechanisms. Moreover, real attacks tend to be more stealthy and difficult to detect at an early stage. That is why we reckon mobile operators should engage continuous security monitoring of external SS7 connections supported by up-to-date vulnerability base.

In this talk, I will describe the most interesting attacks on SS7 networks that have never been published before.

About Sergey Puzankov

Sergey was born in 1976. He graduated from Penza State University with a degree in automated data processing and management systems in 1998. Before joining Positive Technologies in 2012, he worked as a quality engineer at VimpelCom. Being a security expert in telecommunication systems at Positive Technologies, he is engaged in the research of signaling network security and in audits for international mobile operators.

He is part of the team that revealed vulnerable points in popular two-factor authentication schemes using texts and demonstrated how easy it is to compromise Facebook, WhatsApp, and Telegram accounts. He is also a member of the SS7 Attack Discovery development team, a coauthor of Positive Technologies annual reports on telecommunication security.