Mobile Interconnect Threats: How Next-Gen Products May be Already Outdated

Conference:  BlackHat USA 2019



Mobile Interconnect Threats: How Next-Gen Products May be Already Outdated is a conference presentation about vulnerabilities in SS7 networks and the potential risks for mobile network operators. The talk focuses on the security of new equipment being deployed to detect attacks and protect customers.
  • SS7 networks were initially designed without security protocols, making them vulnerable to attacks
  • Mobile network operators are deploying new equipment to detect and protect against attacks
  • The talk describes vulnerabilities discovered in SS7 firewall vendors and how to assess the security of such products
  • The speaker's employer is Orange, a European operator with many affiliates worldwide
  • The presentation includes a technical overview of the sequence stack and the different layers of the Sigtran stack
  • The speaker's team developed a tool called Pornss7 to modify and generate packets that can be processed by the sequence stack of the SS7 firewall
  • The talk includes a pseudocode example of how to bypass detection from the SS7 firewall at the IP level
The speaker shared a personal anecdote about his mobile SIM card from Orange, his operator in France, not working in the US because the US operator did not have the necessary secret to authenticate him. This highlights the need for interconnectivity between operators and the potential risks associated with it.


"Walled garden" used to be the security principle backing SS7 networks. This is no longer the case, and some attackers may benefit from access to these networks to leverage mobile network functions: geolocation, access to subscriber's profile, interception of communications. Mobile network operators now deploy new equipments to detect attacks and protect their customers. These new equipments are expected to be robust against wild traffic and safe. We describe in this talk vulnerabilities we have discovered and what we look into when assessing security of such products.