July 4, 2017
At the recent Mobile World Congress in Shanghai, network signalling security vendor Evolved Intelligence warned that operators racing to deploy 5G services in time for the Winter Olympic Games in 2018 were in danger of forgetting the security lessons of the past.
Co-founder and commercial director Peter Blackie said that not enough progress had yet been made on securing 5G network signalling. “It is only in the last couple of years that we have begun to protect the open door in the SS7 signalling protocol used in second and third generation networks,” he said. “Hackers and fraudsters have found that door and have now begun exploiting the weakness.
“It is therefore vital that as well as continuing to close that door, we also ensure that signalling security in 4G and 5G networks gets the attention it requires now and that we do not repeat the mistakes of the past.”
Referring to the race to launch in time for the Winter Olympics, Blackie warned: “I understand the commercial targeting of big events for new technology, but it will put the operators in a vulnerable position if they launch 5G networks without the right level of security.”
Earlier this year, hackers exploited the weakness in SS7 signalling to defraud banking customers in Germany, diverting text messages that had been sent to authorise consumer transactions to their own mobiles rather than to the registered user. Evolved Intelligence is supplying a Signalling Firewall offering to operators that the company said would have detected and blocked the fraudulent divert.
Although SS7 signalling, typically used to communicate between networks, is not used in 4G and 5G systems, the replacement Diameter signalling has some of the same inter-network security issues.
“The security issues will not fade away with the closure of the legacy networks,” said Blackie. “The Diameter signalling used in 4G and 5G networks will need improved security to keep the fraudsters at bay – especially as the technology underpinning Diameter will be more familiar to IT and computer hackers than the telecoms technology used in SS7 signalling.”