Based on the results of a survey commissioned by Xura, this webinar, co-hosted with TMCnet, explored the mobile consumer’s view of the risks they face from mobile network vulnerabilities and the role of the mobile network operator in protecting them.
2. | XURA NETWORK SECURITY SURVEY WEBINAR
Agenda
How secure are mobile networks?
How aware of the risks are consumers?
What do consumers worry about?
How do consumers protect themselves?
What role does the network operator have?
What are operators doing to improve security?
3. |
Audience Participation Q1
iPhone users vs Android users – which group places themselves at more risk of mobile-related cybercrime?
iPhone users
Android-based phone users
In-fill question:
This webinar is going to talk about security weaknesses in the telecoms network rather than compare security of different handset operating systems, but does the type of handset make any difference to how exposed consumers are to network vulnerabilities?
4. |
Audience Participation Q2
To what extent are you aware that SS7 networks are vulnerable to hacking/abuse?
What’s SS7?
Not at all aware
Somewhat aware
Aware and familiar with some of the details
Very aware and familiar with most of the details
Expert knowledge of the issue
I disagree: SS7 is totally secure
In-fill question:
I know we're going to avoid the technical detail of SS7 during this webinar, but for those that want more technical information, where can they find it?
5. |
Audience Participation Q2 Results
To what extent are you aware that SS7 networks are vulnerable to hacking/abuse?
RESULTS
6. |
How secure are mobile networks?
How aware of the risks are consumers?
What do consumers worry about?
How do consumers protect themselves?
What role does the network operator have?
What are operators doing to improve security?
7. |
What is SS7, and why is it important?
Authentication
Mobility
Charging
Policy
Personalization
Calls and messaging with subscribers on other networks
Roaming
Call control and messaging
It’s what makes the network work
Carries the mission-critical, real-time data between network elements
Subscriber identity
Subscriber device type
Connection types and status
Subscriber location
Address of control elements
Address of charging elements
Usage policy settings
Subscriber service settings
Other Networks
8. |
How do hackers get access to SS7?
Generally
Outside the network
Hubs (including GRX and IPX)
Other Networks
SIGTRAN replaced physical TDM links
Interconnection to other networks
Interconnection via hubs
Other Networks
Network elements including VAS systems, SMSC, IN etc.
External connectivity from other networks and hubs via STPs, Signaling Gateways and Media Gateways
Signalling connection to 3rd parties
Signaling connections and signaling end-point addresses leased to 3rd parties
3rd Parties
Inside the network
Network elements require signalling access
9. |
What can hackers do via insecure SS7?
Subscriber privacy is lost:
Location can be determined
Calls can be blocked, diverted and intercepted
Messages can be blocked, diverted, intercepted and manipulated
Subscriber identity may be abused:
Secure access codes received by SMS can be stolen
Network operation is at risk:
Denial of service (DoS) attacks
Operator is exposed to fraud:
Bypass of prepaid billing & roaming fraud
Subscriber is exposed to fraud:
Fraudulent enrolment to premium-rate messaging services
Fraudulent call diverts to premium-rate numbers
USSD commands may be used to transfer balance between subscriber accounts
Revenue Loss & Fraud
Billing may be bypassed
Revenue lost from blocked calls
Reputation & Churn
Poor service quality
Fraud
Security breaches
Compliance & Liabilities
SLA failure penalties
Lawsuits
Regulator fines
10. |
The vulnerabilities are real. SS7 abuse is happening.
More than 350 network deployments worldwide
Serving more than 3 billion end-points
Providing network security solutions for more than 10 years
100% of networks tested have vulnerabilities
Roaming Fraud $$
Pre-Paid Charging Bypass Fraud $$$
Location Tracking
Call Interception
SS7 exploits detected
11. |
Mobile networks are not secure
12. |
Audience Participation Q3
The following exploits have been associated with the vulnerabilities in SS7. Which do you think pose the biggest threat to network operators? (Pick up to 3)
Monitoring subscriber service usage and communications
Tapping, interception or re-routing of voice calls
Tapping, interception, re-routing or manipulation of messaging
Use of subscribers' identities to gain fraudulent access to telecom services
Denial-of-service attack impacting general service availability
Denial-of-service attack on targeted subscribers
Bypass of operator charging and billing functions
Subscriber location tracking
In-fill question:
It seems that one of the root causes is that operators lease SS7 connections to third parties that can't be trusted. Why do they do that?
13. |
Audience Participation Q4
As a result of SS7 attacks, which of the following possible effects would be likely to cause the most significant pain for mobile network operators? (Pick up to 3)
Increased churn
Litigation from subscribers
Litigation from enterprise customers
Additional legal or regulatory requirements
Fines imposed by regulators
Loss of preferred roaming partner status
Increased losses to fraud
Loss of operating service revenues
Devaluation of company stock/shares
In-fill question:
What's motivating people to hack mobile networks and subscribers?
14. |
Mobile networks are not secure
How aware of the risks are consumers?
What do consumers worry about?
How do consumers protect themselves?
What role does the network operator have?
What are operators doing to improve security?
15. |
SS7 vulnerabilities have been publicized in consumer media
German researchers discover a flaw that could let anyone listen to your cell calls.
Phone network hack means anyone can listen in on any mobile call
Cellular Privacy SS7 Security Shattered at 31C3
September 2015: “Hackers exploit SS7 vulnerability to spy on Australian senator: report”
December 2014: Annual Chaos Communication Congress event held in Hamburg …
April 2016: “Sharyn Alfonsi reports on how mobile phone networks are vulnerable.”
16. |
Xura Research Project
To understand subscribers’ perceptions and attitudes to the risks and consequences of mobile phone use and ‘attacks’ via SS7
18. |
Awareness of the problem and risks is low amongst consumers – and somewhat confused
Are you aware (or have you heard) of any security weakness in mobile phone networks that could make it possible for "hackers" to perform acts like those described below?
Make fraudulent calls to "premium rate" numbers at the subscriber's expense
Register subscribers to "premium rate" messaging services
Track the location of the phone
Listen in to and record phone calls
Intercept and possibly modify SMS text messages
Prevent the subscriber from making calls, sending SMS texts or getting a data connection from your mobile
30% YES
Aus: 28%
UK: 32%
US: 29%
21% of those (6% of total) indicated specific awareness of SS7 related vulnerability. Other root causes given included:
OS vulnerabilities – 9%
App vulnerabilities – 6%
Operator data leaks – 3%
Vulnerabilities in Bluetooth, the Air Interface and WiFi were also mentioned, as well as voicemail hacking.
I have heard about journalists using hackers to listen on celebrities' conversations, and record them to get news.
http://www.cbsnews.com/news/60-minutes-hacking-your-phone/
19. |
Mobile networks are not secure
Consumers do not understand the risks
What do consumers worry about?
How do consumers protect themselves?
What role does the network operator have?
What are operators doing to improve security?
20. |
Audience Participation Q3 Results
The following exploits have been associated with the vulnerabilities in SS7. Which do you think pose the biggest threat to network operators?
RESULTS
21. |
Which "hacks" do you feel are most likely to happen to you?
If it was possible for "hackers" to hack your mobile network provider and do the things described above, which "hacks" do you feel are most likely to happen to you? (Select up to 3)
Approx. 40%
45% Fraudulent calls made at the subscriber's expense
38% Fraudulent registration for premium SMS services
40% Location tracking
UK subscribers (58%) feel significantly more at risk of becoming victims of fraudulent calls being made at their expense, or being fraudulently registered for premium rate SMS services. Location tracking is a bigger concern for US citizens (46%).
18-30 year olds (53%) feel significantly more at risk of becoming victims of location tracking. Fraudulent calls are a bigger concern for the over 50’s (50%).
[Chart: 0% to 60% by ALL, Aus, UK, US, Female, Male, 18-30, 31-50, 51+; series: Fraudulent Calls, SMS Subscriptions, Location Tracking, Call Interception, SMS Interception, Denial of Service]
22. |
How severely do you feel you would be affected if these "hacks" happened to you?
52% Severely or Badly affected
US subscribers generally feel they would be less badly affected than their UK and Australian counterparts, except for Denial of Service attacks.
The over 50’s are more concerned about the impact of fraudulent calls, while 18-30 year olds are more troubled by location tracking and call and SMS interception.
Gender plays a big role with males expecting to be significantly less badly affected than females across all types of threat.
[Chart: Fraudulent Calls, SMS Subscriptions, Location Tracking, Call Interception, SMS Interception, Denial of Service, All; series: Aus, UK, US; data labels: 52%, 37%, 36%, 39%, 58%]
23. |
Mobile networks are not secure
Consumers do not understand the risks
Consumers are worried about fraud
How do consumers protect themselves?
What role does the network operator have?
What are operators doing to improve security?
24. |
What rules do you use to decide whether to grant “apps” permission to access other features or data on your phone?
[Chart: 0% to 100% by Aus, UK, US, ALL; series: None, Ad hoc rules, Strict rules]
22% NONE
Males are marginally more likely to simply accept permissions than females (24% vs 21%) but are almost twice as likely to apply strict rules (11% vs 6%)
Those aged under 30 are more than twice as likely to simply accept permissions as those aged over 50 (32% vs 15%)
The application of Strict Rules doesn’t vary with age.
25. |
How often do you check your balance/bill to verify you have been correctly charged?
[Chart: 0% to 100% for All, PayMonthly and Prepay subscribers in each of ALL, Aus, UK, US; series: "Monthly or more", "A few times per year", "Never"]
ALL 32% NEVER
Highest ARPU subscribers (top 20%) are only slightly more likely to check their bills
56% check monthly or more frequently compared with average of 51%
Males and females are equally likely to check their bills every month
UK Females marginally less so (43%) than UK Males (49%)
When someone else pays the bill 52% of phone users will never check they have been correctly charged
Those aged between 31 and 50 are least likely to check their bills monthly
Overall variance is small, ranging from 44% to 55%
26. |
Audience Participation Q1 Results
iPhone users vs Android users – which group places themselves at more risk of mobile-related cybercrime?
RESULTS
27. |
iOS
54% more likely never check their bill than Android device users
more than 2x apply no rules when granting App permissions.
28. |
Mobile networks are not secure
Consumers do not understand the risks
Consumers are worried about fraud
They don’t protect themselves
What role does the network operator have?
What are operators doing to improve security?
29. |
Audience Participation Q4 Results
As a result of SS7 attacks, which of the following possible effects would be likely to cause the most significant pain for mobile network operators?
RESULTS
30. |
How well does your mobile network provider currently protect you from "hackers"?
[Chart: 0% to 100%; series: Not at all protected, Slightly protected, Moderately protected, Well protected, Completely protected]
61% Moderately or better
UK subscribers feel marginally less protected by the network operator than their Australian and US counterparts. This is most noticeable in relation to SMS Interception.
31. |
If you became aware that you had been a victim of these "hacks", what action(s) would you most likely take?
1 in 3 would inform the telecom regulator – Australians more so (45%) than Americans (24%) who are more likely than average to share the incident via social media.
Half (49%) would seek compensation from their mobile network provider. In the UK, this figure rises to 54%. Younger generations are more likely to follow this course of action than the over 50’s.
29% would change their provider either immediately (22%) or at the next renewal date (7%). The young are more likely to change providers than the old.
[Bar chart, 0% to 60%; data labels: 14%, 33%, 54%, 24%, 49%, 7%, 22%, 29%, 2%, 8%; response options listed below]
Do nothing
Switch to using 'Apps' to make calls and send messages more securely
Change my mobile network provider at the next renewal date
Change my mobile network provider as soon as possible
Change my mobile network provider
Seek financial compensation from my mobile network provider
Get a new mobile number, but stay with my current mobile network provider.
Report the story on social media (e.g. via twitter or facebook) or via the press
Inform my national telecoms regulator
Inform the police
32. |
Mobile networks are not secure
Consumers do not understand the risks
Consumers are worried about cybercrime
They don’t protect themselves
They hold network operators responsible
What are operators doing to improve security?
33. |
We’re working with operators in every continent to improve security
Fraud and Security Groups
Security Recommendations
Network Operators
Security Providers
XURA
Audit Network Vulnerability
Monitor Threat Activity
Security Solutions
Xura SS7 Firewall
34. |
Solutions for the next signaling security challenge
2G, 3G: SS7
4G and beyond: DIAMETER