recentpopularlog in

pierredv : diameter   3

Newer Diameter Telephony Protocol Just As Vulnerable As SS7, Jul 2018
"Security researchers say the Diameter protocol used with today's 4G (LTE) telephony and data transfer standard is vulnerable to the same types of vulnerabilities as the older SS7 standard used with older telephony standards such as 3G, 2G, and earlier."

"The difference between these two is that while SS7 did not use any type of encryption for its authentication procedures, leading to the easy forgery of authentication and authorization messages, Diameter supports TLS/DTLS (for TCP or SCTP, respectively) or IPsec."

"4G operators often misconfigure Diameter"

"Researchers say that the Diameter misconfigurations they've spotted inside 4G networks are in many cases unique per each network but they usually repeat themselves to have them organized in five classes of attacks: (1) subscriber information disclosure, (2) network information disclosure, (3) subscriber traffic interception, (4) fraud, and (5) denial of service."
LTE  4G  cyber-spectrum  cybersecurity  Diameter  SS7 
13 days ago by pierredv
[pdf] Next-generation networks, next-level cybersecurity problems - Positive Technologies
"In preparation for the brave new world of 5G and IoT, the last few years have seen operators make significant CapEx investments in their next-generation networks. However, despite spending billions upgrading from a protocol developed in the 70’s (ss7) to Diameter (4G and 5G), flaws exist that allow an attacker to carry out eavesdropping, tracking, fraud, theft, and worse."
networking  cybersecurity  cyber-spectrum  spectrum-vulnerability  SS7  Diameter  cellular  PositiveTechnologies 
march 2019 by pierredv
SS7 vulnerabilities and attack exposure report, 2018 - Positive Technologies
Via Dale

"This report reveals the results of SS7 security analysis. Signaling System 7 (SS7) is used for exchanging data between network devices in telecommunications networks. While this standard was being developed, only fixed-line operators had access to the SS7 network, so its security was not first on the priority list. Today the signaling network is not isolated, and this allows an intruder to exploit its flaws and intercept calls and SMSs, bypass billing, steal money from mobile accounts, or affect mobile network operability."

"Although new 4G networks use another signaling system, Diameter, SS7 security issues have not been forgotten, because mobile operators should ensure 2G and 3G support and interaction between networks of different generations. Moreover, research shows that Diameter is prone to the same threats. This protocol's vulnerabilities along with possible cross-protocol attacks that use Diameter and SS7 flaws will be outlined in the next report."

CONCLUSION

"The research has shown that the level of security of mobile communication networks is still low. The overwhelming majority of networks remain vulnerable, which allows criminals to intercept subscribers' voice calls and messages, perform fraudulent operations, and disrupt service availability for subscribers."
SS7  Diameter  spectrum-vulnerability  cyber-spectrum  cybersecurity  telecoms  2G  3G  4G  PositiveTechnologies 
march 2019 by pierredv

Copy this bookmark:





to read