Diameter is an authentication, authorization and accounting protocol that is widely used between the LTE core nodes by mobile network operators. While multiple methods for connecting subscribers to networks have been used over the years – including exchange and SS7 – Diameter is the latest protocol. While security vulnerabilities in SS7 are well known, it’s often assumed that Diameter is more secure. In this talk, I will describe my experience in creating a tool for fuzzing Diameter protocols.
I will start with a short overview of telecom signalling security and then describe vulnerabilities found while using the fuzzing tool. I’ll then cover the technical and administrative challenges specific to fuzzing telecom equipment using examples from our practice. The talk will cover topics such as:
1) How protocol specifics are reflected in the fuzzer architecture
2) Use of existing protocol stacks for building fuzzers
3) Which additional tools may be needed in an MNO test lab environment and how to adapt the fuzzer for it
4) How to reproduce issues reliably
5) Lessons learned on communication with MNO representatives when vulnerabilities are discovered