Cellusys CEO Brendan Cleary (pictured above, left) shared a revealing statistic during the making of yesterday’s episode of RAG TV. Brendan has spent his entire career helping telcos to address the security weaknesses surrounding network signaling protocols like SS7 and Diameter, but a survey performed late last year revealed that only 26 percent of operators believe they have adequate protection against all forms of signaling attacks from other networks they are connected to. The vulnerabilities of signaling protocols should already be appreciated by telcos, as reiterated by a 2018 report from the European Union Agency for Network and Information Security (ENISA):
The SS7, SIGTRAN, GTP and Diameter signalling protocols are underpinning mobile telephone networks across the globe. It is widely known that these signalling protocols have several severe security weaknesses, which can be exploited by attackers in many different ways.
Why do telcos continue to leave gaps in their security that can be exploited by criminals and spies who want to raid your bank account or track your location? Is it because the harm is suffered by the customer instead of their business? Or do top decision-makers refuse to listen to the experts who understand the risks? Brendan explained the technical issues and talked about the hurdles to overcome when making a business case for enhanced network security. If you missed the live broadcast you can watch the recording below.