Mobile Interconnect Threats: How Next-Gen Products May be Already Outdated is a conference presentation about vulnerabilities in SS7 networks and the potential risks for mobile network operators. The talk focuses on the security of new equipment being deployed to detect attacks and protect customers.
- SS7 networks were initially designed without security protocols, making them vulnerable to attacks
- Mobile network operators are deploying new equipment to detect and protect against attacks
- The talk describes vulnerabilities discovered in SS7 firewall vendors and how to assess the security of such products
- The speaker's employer is Orange, a European operator with many affiliates worldwide
- The presentation includes a technical overview of the sequence stack and the different layers of the Sigtran stack
- The speaker's team developed a tool called Pornss7 to modify and generate packets that can be processed by the sequence stack of the SS7 firewall
- The talk includes a pseudocode example of how to bypass detection from the SS7 firewall at the IP level
The speaker shared a personal anecdote about his mobile SIM card from Orange, his operator in France, not working in the US because the US operator did not have the necessary secret to authenticate him. This highlights the need for interconnectivity between operators and the potential risks associated with it.