June 21, 2017

SigPloit framework published: telecom vulnerability testing of SS7, GTP, Diameter, and SIP made easy


Code for the open-source SigPloit framework has been published on GitHub by security researcher Loay Abdelrazek. SigPloit is a convenient framework for testing for vulnerabilities in telecommunication protocols. We cannot state that this project will have a big effect on the security situation, but it is definitely one of the alarm bells that the telecom industry should heed.

What SigPloit does

As described on GitHub, SigPloit is a framework intended for telecom security specialists. Researchers can use SigPloit for penetration testing of telecom networks in order to find known vulnerabilities in signaling protocols.

The stated purpose of the framework is security testing of all existing protocols that are used in telecom operators' infrastructure, including SS7, GTP (3G), Diameter (4G), and even SIP for IMS and VoLTE, which is used at the access level and for encapsulating SS7 messages in SIP-T. According to the documentation, SigPloit uses testing results to provide network-specific recommendations on how to improve security.

Consequences for telecom security


Telecom protocols often rely on "security through obscurity." In practice, security measures are often inadequate, but such issues are contained due to the small number of security researchers conversant in these niche protocols and infrastructures. Tools like SigPloit may change this, and they can be easily modified to implement the full range of SS7 attacks.

Such publicly available pentesting tools dramatically reduce the barrier to entry for those interested in telecom security—both white hats and black hats. Attacks on operator infrastructure will become the province not only of experienced industry specialists, but even novices with basic knowledge of Linux, programming and networks.

If telecom operators fail to prioritize security, telecom users and their privacy will lose out.

Positive Technologies researchers have repeatedly raised the alarm about vulnerabilities in the SS7 signaling protocol. These attacks have long passed from the "proof of concept" stage to real threats that are being used against users in the wild. SS7 vulnerabilities have already been used to steal from user bank accounts as well as hack Telegram accounts.

Please refer to our latest research papers to stay up to date with the latest trends:
