The biggest event of the telecom industry attracted particularly wide media coverage this year: the King of Spain personally arrived in Barcelona for the opening of the annual Mobile World Congress (MWC 2018), which caused a wave of protests by supporters of the region's independence from Madrid. As a result, newspaper front pages and TV channel prime time are all taken by high tech and telecom innovations against the backdrop of protesting crowds. And it is recommended that all participants and visitors to the Congress should not wear a badge outside the venue for greater security.
The Mobile World Congress has been held annually for more than 30 years.
Among the participants are mobile operators, manufacturers of all kinds of communication devices, application developers, and even auto giants and international payment systems. Without exaggeration, all industry players try to time their long-awaited announcements for the date of the event. The unspoken motto is: if you have your place in the mobile world, even if a small one, you must be in Barcelona! Even Apple, which is traditionally absent from shows, including the MWC, makes its presence felt here: when journalists describe new versions of gadgets by dozens of Asian vendors, they occasionally allow themselves comparisons—"like Apple," "no worse than Apple," "just like Apple."
What immediately caught the eye this year is the abundance of robots:
and the dominance of automotive brands, including Mercedes, Audi, Smart:
, and even Bentley on the Visa stand symbolizing the concept of connected car.
Robots not only attract the attention of visitors but also do a good job at stands and serve as a reminder of the expanded possibilities of the Internet of things. With cars, it is a different story: on the one hand, more and more of their components can to some extent access the Internet; on the other hand, visitors take little interest in it and only use them for taking pictures. Although it is the presence of such high-tech devices at such a high-profile event that should make one think about how it really works and how safe it is when your car is connected to something out there and most importantly—what for. And this is exactly where all the horror stories about hacking IoT gadgets come to mind. Examples are plentiful—security threats to connected cars have been detailed time and again. By the way, one of the halls had a Ferrari on display, all strewn with sponsors' logos, including Kaspersky Lab, which is gratifying—at least such a reminder may make the participants finally think seriously about the security of mobile solutions that they offer.
In general, the main topics of the MWC 2018 and its key words are best summarized on the stand of the French corporation Atos:
Literally everything is mentioned there, including blockchain
As far as security is concerned, AV vendors were the highlights of the MWC, although the number of information security companies at the show should be times over, and this understanding will soon inevitably come! Among AV vendors, noteworthy are the already mentioned Kaspersky Lab, which devoted its participation in this year's show to the security of the Internet of things, as well as Avast with its new Smart Life solution for IoT device security.
By the way, one of the walls of Kaspersky Lab's stand is devoted to video graphics of how attackers use holes in IoT security and what they can really do. These are notorious use cases, which should convince vendors of the importance of taking security into account when launching their smart devices.
Given the lack of attention to information security, we, Positive Technologies, could not stay away and decided to fill this gap—in the format of a special event for key experts in the telecom industry. My London colleagues and I told representatives of the largest telecom operators how hackers attack SS7 networks and what operators can do to protect themselves from attackers.
For the past three years, we have not only analyzed possible threats and vectors of attacks via mobile networks but also detected real attacks using PT Telecom Attack Discovery.
It is no secret that today cybercriminals are not only aware of the security flaws of signaling networks but also actively exploit these vulnerabilities. Our monitoring shows that attackers spy on subscribers, intercept calls, bypass billing systems, block users. Just one large operator with several dozen million subscribers is attacked more than 4,000 times daily.
Security monitoring projects in SS7 networks were conducted for large telecom operators in Europe and the Middle East. Attacks aimed at fraud, disruption of subscriber availability, interception of subscriber traffic (including calls and text messages) totaled less than two percent. However, these are the most dangerous threats for users.
According to our research, 100 percent of attacks aimed at intercepting text messages are successful. Theft of security codes sent in this way is fraught with compromising e-banking and mobile banking systems, online stores, e-government portals, and many other services. Another type of attack—denial of service—is a threat to electronic IoT devices. Today, not only individual user devices are connected to mobile communication networks but also elements of smart city infrastructure, modern industrial enterprises, transport, energy, and other companies.
Fraud against the operator or subscribers is also a matter of serious concern. An essential part of such attacks are related to unauthorized sending of USSD requests (81%). Such requests allow transferring money from a subscriber's account, enabling premium-rate services for a subscriber, or sending phishing messages on behalf of a trusted service.
We raise this issue year after year, our task is to warn about real threats so that operators paid significantly more attention to security, while all ordinary subscribers were also alert and did not fall prey at least to banal social engineering. It is gratifying to see operators growing aware of the existing risks and drawing conclusions: in 2017, all analyzed networks used SMS Home Routing, and one in three networks had signaling traffic filtering and blocking enabled. But this is not enough. Today, we still see that all the networks that we analyzed are prone to vulnerabilities caused both by occasional incorrect setup of equipment and by architectural flaws of SS7 signaling networks that cannot be eliminated using existing tools.
Countering criminals takes a comprehensive approach to security. It is necessary to regularly assess the security of the signaling network in order to discover existing vulnerabilities and develop measures to reduce the risks of realizing threats, and keep security settings up to date afterwards. It is also important to continuously monitor and analyze messages that cross the network perimeter to detect potential attacks. This task can be performed by a threat detection and response system, which allows discovering illegitimate activity in its early stages and blocking suspicious requests. This approach allows providing a high level of protection without disrupting the normal functioning of the mobile network.
Author: Dmitry Kurbatov, Head of Telecommunications Security, Positive Technologies