Protect your network against severe vulnerabilities in the Signalling System #7 core infrastructure

Presenting the first cellular network firewall.

The SS7 core infrastructure can no longer be trusted

Our multi-year research has identified a number of severe vulnerabilities in the Signalling System 7 core infrastructure protocols for voice networks

Track Users

Track subscribers down to street level

Billing Fraud

Modify subscriber data for billing fraud

Intercept Calls

Remote interception of telephone calls

 

 

What is SS7?

Short for Signaling System 7, SS7 creates an international roaming infrastructure, that by it’s nature, transmits confidential customer data between networks and countries to support the seamless roaming services subscribers expect.

SS7 Network Diagram

 

 

The Public Is Becoming Aware

The assumption that national telecom networks offer a safe haven against foreign espionage has long been falsified.

SS7: Locate. Track. Manipulate.

  • Speaker: Tobias Engel
  • Event: Chaos Communication Congress [31c3]

Companies are now selling the ability to track your phone number whereever you go. With a precision of up to 50 meters, detailed movement profiles can be compiled by somebody from the other side of the world without you ever knowing about it.

Watch Video

 

 

Woldwide Tracking Services

Not just for Governments and Intelligence Agencies

SS7 network has been used by Intelligence agencies and various entities to track location of customers and help in the interception of calls and SMS.

Cellular carriers, VoIP providers, and third-party SMS services that piggyback on the global cellular network all have access to SS7, and some choose to share or sell that access with others.

Learn More

Commercial Tracking Services

 

How are the networks vulnerable?

We can demonstrate a variety of ways SS7 is used for street-level mobile phone localization, data theft, remote interception of calls, and more…
Here are some basic examples.

Cell-Level Tracking

In cities, it is possible to track subscribers down to street level.

HLR block/filter bypass

Circumvent this by querying the Visitors Location Register instead and still obtain the global cell ID.

One method of billing fraud is via USSD codes

Execute Remote Commands

USSD codes can be executed on behalf of the subscriber

Prepaid Credits

Some carriers offer transfer of prepaid credits via USSD

Call Forwarding

Call forwarding can be set/deleted without the users knowledge

Remote interception of telephone calls

Call is routed to attacker’s system. Attacker bridges call to original called party and records the conversation

 

The Solution

ESD OVERSIGHT

The First Cellular Network Firewall

 

ESD OVERSIGHT – Detect

  • Analysis of protocol data and alarm/logging of events
  • No network interference (passive connection via network tap)

 

ESD OVERSIGHT – Protect

  • Active firewall solution

 

 

ESD Oversight Server

SS7 Network Penetration Testing

The Oversight SS7 testing & consulting offering is designed to assist a mobile network operator in finding out up to what extent network elements (HLR, VLR/MSC, SGSN) under the client’s management are vulnerable against certain known SS7/MAP attack vectors.

Penetration tests are being carried out for a selection of cellular carriers around the world who have recognised the need to ensure their networks and their subscribers are protected from the potential damaged these vulnerabilities expose.

Download Brochure

 

ESD Oversight SS7 Penetration Testing

Benefits for Network Providers

The first deployments of ESD Oversight have provided immediate benefits

Less Foreign Surveillance

Reduced foreign surveillance activity on cellular networks

Safer Network

Reduced unrecognized SS7 traffic requests

Reduced Costs

Immediate reduction in billing fraud

ESD America is a proud supplier of technology and services to the US Department of Homeland Security.
+