New infosec products of the week
Written by   
Friday, 19 May 2017 07:07

Delta is testing facial recognition technology

Delta is introducing four self-service bag drop machines at Minneapolis-St. Paul International Airport this summer, a $600,000 investment that allows customers to quickly, securely and easily check their own bags. One machine will be equipped to test facial recognition technology to match customers with their passport photos through identification verification, a first for U.S. carriers.

infosec products may 2017

Visual troubleshooting, analytics and alerting dashboards for mobile enterprises

NetMotion announced NetMotion Mobile IQ, a visualization, analytics and alerting platform for mobile deployments. Built on Splunk Enterprise, Mobile IQ delivers real-time analysis and alerts on mobile connectivity, security, performance, and behavior so that IT operations teams can make informed decisions. Mobile IQ digests previously untapped “big data” collected from NetMotion-enabled mobile devices.

infosec products may 2017

F-Secure protects the Internet-connected things in consumers’ homes

F-Secure is delivering a device that will secure the IoT in consumers’ homes. F-Secure SENSE combines a secure Wi-Fi router with a security app and cloud protection to provide the missing piece that modern homes need to secure any device, computer or appliance that connects online.

infosec products may 2017

SailPoint extended its open identity platform approach to IdentityNow

The identity issue has become so overwhelming that enterprises are desperate to have full 360-degree visibility into ‘who has access to what’ across systems, applications and data stores to better prevent data breaches today. By opening the IdentityNow cloud-based identity governance platform, enterprises now have access to actionable, accurate identity data that can be combined with, or acted upon by other critical security technologies.

infosec products may 2017

New data-centric security features from CA Technologies

CA Technologies announced new data protection enhancements to CA Data Content Discovery and CA Compliance Event Manager that simplify security management across the enterprise and enable robust, end-to-end protection for data-in-motion from mobile to mainframe. The solution enables organizations of all sizes to better manage their data and address security and compliance needs.

infosec products may 2017

Who’s responsible for fixing SS7 security issues?
Written by   
Friday, 19 May 2017 06:15

The WannaCry[1] ransomware onslaught has overshadowed some of the other notable happenings this month, including the spectacular Google-themed phishing/spamming attack[2], and the news that attackers have managed to exploit vulnerabilities in the SS7 protocol suite[3] to bypass German banks’ two-factor authentication and drain their customers’ bank accounts.

SS7 security issues

According to the reports, the attackers were able to pull this scheme off by gaining access to the network of a foreign mobile network operator, and using that access to set up call and SMS forwarding for the targets’ mobile phone number.

O2 Telefonica, the German mobile network operator with which the victims opened their accounts, has reacted to the revelation by making it impossible for call forwarding to be effected by other organizations that have this kind of access to their network. Other German mobile network operators have effected the same change.

The National Institute for Standards and Technology (NIST) has for a while now been advising businesses to sunset SMS-based two-factor authentication, and switch to using alternative authenticators (e.g. security tokens, mobile apps like Google Authenticator, etc).

But what solutions are offered for communication service providers (CSPs) who don’t want to potentially lose enterprise opportunities?

The responsibility of security lies with CSPs

“CSPs and those involved in authentication should increase their investment in this security method by upgrading existing systems with further measures. If mobile operators want to defend their role in enterprise Application to Person (A2P) communications, it is imperative that action is taken now to secure the SMS channel, (and the network more generally), before lucrative A2P messaging is put at risk,” Ilia Abramov, Product Director at Mavenir Security Solutions, told Help Net Security.

It’s on them to keep users safe, although in some countries governments and regulators have also stepped in to force issues to be resolved quickly.

“In the United States for example, representative Ted Lieu has been outspoken since the publicized hack of his phone[4] by 60 Minutes about the need for the FCC to take SS7 security steps. As another example, government of Thailand has mandated solutions; however, the EU has been less outspoken about demanding a resolution,” Abramov noted.

According to him, there are two key measures Communication Service Providers (CSPs) should take to protect both their subscribers and networks from attack.

“Installing a signaling firewall should certainly be the first step to provide defense and mitigate risk. However, the threat landscape is dynamic, not static: CSPs should be regularly auditing and analyzing their networks to continuously monitor for any gaps where cybercriminals could attack – this is the second step.”

“The linkage between these two steps is of critical importance. On one-hand, the deployed firewall must be capable of supporting rapid enhancement as new security patches become necessary, and it must support those changes without jeopardizing the five-nines operation it is trying to protect. On the other-hand, the firewall itself can dramatically enhance discoverability of new threats if it is equipped with the correct signaling analytics tools. The use of machine-learning also greater enhances the discovery of new attacks. Together these two additional aspects can simplify and accelerate the speed at which new dangers can be identified and patched.”

Switching from SS7 is not a panacea

It’s also easy for outsiders to simply say: “If SS7 is flawed, why don’t providers switch to using another technology?”

“Legacy SS7 technology will gradually be replaced by Diameter Signaling over the next ten years or so, but the switch is not security driven – it is a necessary evolution. CSPs are moving towards Diameter Signaling to support LTE and 5G investments in order to keep up with demands for new and improved services and Internet of Things (IoT) services, across both B2B and B2C offerings,” he explained.

But the signaling security issue the industry is experiencing is based on the fundamental need for CSPs to exchange information (signaling) to support inter-carrier calling and to support roaming.

“The underlying model of trust, and many of the resulting signaling exchanges are the same in Diameter as they are in SS7: consequently, a similar set of security ‘flaws’ exist in Diameter as in SS7,” he pointed out.

SS7 security issues: What can end users do?

There are some actions that we as individuals can take to keep ourselves safer from mobile fraudsters and hackers.

“Checking monthly cell bills for fraudulent charges, paying close attention to app permissions, limiting the sources you share personal data with, and checking account security if notifications or authorization codes are received without being requested are all good ideas,” says Abramov, adding that while these actions won’t protect against all threats, they are good prevention practices.

Keeping a close eye on one’s mobile banking applications and online accounts to flag fraudulent activity as soon as possible is also advised.


  1. ^ WannaCry (
  2. ^ spectacular Google-themed phishing/spamming attack (
  3. ^ exploit vulnerabilities in the SS7 protocol suite (
  4. ^ hack of his phone (
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>

Page 2 of 20