Why Are 74% of Operators Still Vulnerable to Signaling Attacks?

Cellusys CEO Brendan Cleary (pictured above, left) shared a revealing statistic during the making of yesterday’s episode of RAG TV. Brendan has spent his entire career helping telcos to address the security weaknesses surrounding network signaling protocols like SS7 and Diameter, but a survey performed late last year revealed that only 26 percent of operators believe they have adequate protection against all forms of signaling attacks from other networks they are connected to. The vulnerabilities of signaling protocols should already be appreciated by telcos, as reiterated by a 2018 report from the European Union Agency for Network and Information Security (ENISA):

The SS7, SIGTRAN, GTP and Diameter signalling protocols are underpinning mobile telephone networks across the globe. It is widely known that these signalling protocols have several severe security weaknesses, which can be exploited by attackers in many different ways.

Why do telcos continue to leave gaps in their security that can be exploited by criminals and spies who want to raid your bank account or track your location? Is it because the harm is suffered by the customer instead of their business? Or do top decision-makers refuse to listen to the experts who understand the risks? Brendan explained the technical issues and talked about the hurdles to overcome when making a business case for enhanced network security. If you missed the live broadcast you can watch the recording below.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.