Computaris and HP have collaborated to secure the network of a unnamed Eastern European mobile carrier.
The partnership co-developed a new solution to block SS7 attacks and secure subscriber information from hackers. The easy to install solution to prevent security and privacy breaches allows the unnamed operator to reassure governing bodies and subscribers that their privacy and security cannot be compromised.
It's not clear whether the solution was required as a direct result of an attack or in response to increased security concerns. Given the potential for corporate embarassment if news of a threat leaked out it's no surprise the operator in question wishes to remain anonymous.
SS7 is a set of telephony protocols that handles the key functions on a mobile network that includes voice calls and text messages. As these protocols were developed over 30 years ago, SS7 is vulnerable to attack in today's interconnected world. As such, the scale of the problem is enormous, with potentially all mobile networks exposed to SS7 security breaches.
The new robust solution works by checking the authenticity of the Short Message Service Engine (SMSE). It can block attacks and allow legitimate messages to get through securely. By pretending to be an SMSE, hackers can gain access to the International Mobile Subscriber Identity (IMSI) number and reroute calls and texts and even discover what cell site a mobile device is connected to in order to track a subscriber. Due to international roaming agreements, hackers do not even need to be in the same country as the target.
"SS7 is an integral part of almost all mobile networks. This vulnerability is therefore a significant problem for carriers, governments and subscribers. It could only be a matter of time before a large-scale hack gains international attention," said Florin Oltean, Practice Principal/Solution Domain Manager at HP. "Operators need to act now to secure their networks and prevent embarrassing and potential dangerous attacks."
"We worked closely with HP to develop a solution that can protect operators and their subscribers from attacks while maintaining normal network operation," said Bogdan Danila, Business Unit Director, Consultancy and System Integration for Computaris. "The solution is proven to work and is already up and running in a number of mobile networks. All operators should adopt a solution that prevents attacks before it is too late."