SS7 vulnerabilities and attack exposure



SS7 Vulnerability 2017 A4.ENG .0003.03

78 percent of networks are vulnerable to fraud
The percentage of successful attacks is high because networks do not check the subscriber's actual location. To reduce the possibility of attacks using these methods, continuous monitoring of signaling traffic and illegitimate activity is required in order to identify suspicious hosts, build lists of trusted networks, and immediately block requests from banned sources.
Originating calls are tapped by using a similar pattern: the message InsertSubscriberData replaces the address of the billing platform in the subscriber's profile stored in the VLR database. When a request is sent to the changed address, the attacker first redirects the originating call to his or her equipment, and then redirects it to the called subscriber. So the attacker can tap any conversation of the subscriber.
Fraud
There is a wide range of methods that can be used by criminals to gain financial benefit from the operator or subscribers. These methods can be divided into four categories:
- Illegitimate redirection of terminating or originating calls
- USSD request manipulation
- SMS message manipulation
- Subscriber profile changing
Illegitimate redirection of terminating or originating calls
An attacker can redirect voice calls of subscribers to premium-rate numbers or to a third-party number. The call is paid for by the subscriber if unconditional redirection is established, or by the operator if the subscriber is registered in a fake network and his or her roaming number is spoofed.
Call redirection also helps to implement other fraudulent schemes. For example, if a subscriber makes a call to a bank, an intruder can redirect it to his or her own number and, impersonating a bank employee, obtain confidential information such as passport data and a codeword. Another method is redirecting terminating calls and impersonating the subscriber to confirm banking transactions.
Figure 12. Forwarding a subscriber's voice calls (percentage of successful attacks, 2015, 2016 and 2017). Series: Originating call redirection; Control of unconditional forwarding; Terminating call redirection. The values appearing in the chart residue, in extraction order, are 45%, 47%, 17%; 92%, 76%, 65%; 94%, 69%, 76%; the year belonging to each value is not recoverable from the extracted chart.
Calls are redirected by using UpdateLocation, RegisterSS, InsertSubscriberData listed above, as well as by using AnyTimeModification, which allows making changes to a subscriber's profile (note that no attack attempt using AnyTimeModification was successful).
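The monitoring measures named above (a list of trusted networks, a check of the subscriber's actual location) applied to the MAP operations this section lists, as an added example that is not part of the report: it screens constructed signaling records, flags profile-changing operations that arrive from a source Global Title outside the trusted list, and flags an UpdateLocation that implies an implausible change of country. The record layout, the GT prefixes, the IMSI and the two-hour threshold are assumptions made for the example.

```python
from datetime import datetime, timedelta

# MAP operations the report lists as vehicles for call redirection and
# subscriber profile changes
PROFILE_CHANGING_OPS = {
    "UpdateLocation", "RegisterSS", "InsertSubscriberData", "AnyTimeModification",
}
# Constructed allow-list: Global Title prefixes of networks this operator trusts
TRUSTED_GT_PREFIXES = ("44770", "44771")
# Assumption: a registration in a different country less than two hours after
# the previous one is treated as an implausible subscriber location
MIN_COUNTRY_CHANGE_INTERVAL = timedelta(hours=2)

def screen_signaling(records):
    """Return alerts as (timestamp, operation, reason) tuples."""
    alerts = []
    last_seen = {}  # imsi -> (datetime, country) of the last UpdateLocation
    for rec in sorted(records, key=lambda r: r["ts"]):
        ts = datetime.fromisoformat(rec["ts"])
        # Rule 1: profile-changing operation from a GT outside the trusted list
        if rec["op"] in PROFILE_CHANGING_OPS and not rec["gt"].startswith(TRUSTED_GT_PREFIXES):
            alerts.append((rec["ts"], rec["op"], "untrusted source GT " + rec["gt"]))
        # Rule 2: UpdateLocation implying a faster-than-possible change of country
        if rec["op"] == "UpdateLocation":
            prev = last_seen.get(rec["imsi"])
            if prev and prev[1] != rec["country"] and ts - prev[0] < MIN_COUNTRY_CHANGE_INTERVAL:
                alerts.append((rec["ts"], rec["op"],
                               f"implausible move {prev[1]}->{rec['country']} for IMSI {rec['imsi']}"))
            last_seen[rec["imsi"]] = (ts, rec["country"])
    return alerts

# Constructed sample records (IMSI, GTs, countries and times are made up)
SAMPLE_RECORDS = [
    {"ts": "2017-03-01T09:00:00", "op": "UpdateLocation", "gt": "447700900001",
     "imsi": "234150000000001", "country": "GB"},
    {"ts": "2017-03-01T09:20:00", "op": "InsertSubscriberData", "gt": "447700900002",
     "imsi": "234150000000001", "country": "GB"},
    {"ts": "2017-03-01T09:45:00", "op": "UpdateLocation", "gt": "995320000001",
     "imsi": "234150000000001", "country": "GE"},
    {"ts": "2017-03-01T10:05:00", "op": "InsertSubscriberData", "gt": "995320000002",
     "imsi": "234150000000001", "country": "GE"},
]

if __name__ == "__main__":
    for alert in screen_signaling(SAMPLE_RECORDS):
        print(*alert)
```

The first two records come from trusted sources and produce nothing; the untrusted UpdateLocation raises both rules, and the following InsertSubscriberData from the same untrusted network raises rule 1 again.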
An attacker can obtain passport data and a codeword by impersonating a bank employee
USSD request manipulation
An attacker can transfer money from the account of a subscriber or an operator's 