The issue of signaling security rarely receives much public attention, but a recent announcement from the Federal Communications Commission (FCC), the US regulator, states that American telcos have made “significant progress in addressing risks associated with the Diameter protocol”. The press release, which referred to the Diameter security recommendations of the FCC’s Communications Security, Reliability, and Interoperability Council (CSRIC), saw FCC Chairman Ajit Pai “commend the providers that have already implemented these measures and urge those with work underway to complete this important effort”.
The announcement went on to present a positive picture of how the US telecoms industry has responded to the potential threat. Lisa Fowlkes, Chief of the FCC’s Public Safety Homeland Security Bureau, stated that the Bureau has…
…been reaching out to wireless providers to determine how they have responded to CSRIC’s recommendations for reducing Diameter-related security risks. We found widespread adoption across the industry, with implementation of these measures either completed or underway by most providers.
A 2018 CSRIC report highlighted that Diameter was likely to suffer similar vulnerabilities to SS7, but that the exploitation of these vulnerabilities would probably require further development by bad actors because Diameter’s adoption was relatively recent. Nevertheless, the onus was on the telecoms industry to identify and mitigate threats before they were exploited.
The use cases found in SS7 may exist in Diameter as well, namely: location tracking; voice/SMS interception; subscriber denial of service (DoS); and account fraud/modification. In addition to these use cases, the Diameter protocol may be used for the interception of user data sessions. Previous research exposed the GPRS Tunneling Protocol (GTP) to be vulnerable in 3G networks, but the functions provided by GTP have been replaced by the Diameter protocol in 4G. The Diameter protocol also introduces the potential to spoof the identity of networks due to the way Diameter routes commands from hop-to-hop, which is unique to Diameter.
Nation states are considered to pose the greatest potential threat, because of the resources they might deploy when seeking to find holes in the security around Diameter. The FCC’s desire to tighten Diameter security may be linked to increasing concern that China is using its telecommunications industry to steal intellectual property and spy on other governments.
Commsrisk has published a number of articles about signaling risks over the years and consequently highlighted how telecoms risk vendors like Mobileum have prioritized the addition of signaling firewalls to their portfolio of products. AdaptiveMobile Security announced they had identified real-life Diameter attacks as early as February 2018, and there has since been an intensification of interest in Diameter security.