Positive Technologies Study: 100% of Real SMS Interception Attacks Succeed
Today, cybercriminals are not only aware of security issues in signaling networks, but are actively exploiting these vulnerabilities. According to monitoring results from Positive Technologies, attackers are tracking subscribers, intercepting calls, bypassing billing systems, and blocking users. Just one major operator with a subscriber base of several tens of millions faces more than 4,000 cyberattacks every day.
Security monitoring projects in SS7 networks were conducted for major telecom operators in Europe and the Middle East. Attacks aimed at fraud, disrupting subscriber availability, and intercepting subscriber traffic (including calls and SMS messages) accounted for less than two percent of all attacks. However, these threats are the most dangerous for users.
The study found that 100% of attacks aimed at intercepting SMS messages succeeded. The theft of one-time codes transmitted via SMS can compromise online banking systems, mobile banks, online stores, government service portals, and many other services. One example of such an attack occurred in 2017, when SMS messages sent to subscribers of a German mobile operator were intercepted, resulting in the theft of funds from users’ bank accounts.
Another type of attack, denial of service, poses a threat to Internet of Things (IoT) devices. Today, mobile networks connect not only individual user devices but also elements of smart city infrastructure, modern industrial enterprises, and transportation, energy, and other companies.
Serious concerns are also raised by fraud targeting operators or subscribers. A significant portion of these attacks involved unauthorized USSD requests (81%). Such requests can be used to transfer money from a subscriber’s account, subscribe them to expensive services, or send phishing messages on behalf of a trusted service.
The security of mobile networks remains low, as confirmed by the results of SS7 network security analysis presented in the first part of the report. The sample included data from 24 of the most informative projects in operator networks in Europe (including Russia) and the Middle East in 2016–2017, half of which had subscriber bases of over 40 million people.
In almost every network, it is possible to eavesdrop on subscriber conversations or read incoming SMS messages, and fraudulent operations can be successfully carried out in 78% of networks. All networks contain dangerous vulnerabilities that allow attackers to disrupt service availability for subscribers.
“Operators are aware of the existing risks and are taking action: in 2017, all studied networks had SMS Home Routing systems in place, and every third network had a system for filtering and blocking signaling traffic,” notes Dmitry Kurbatov, Head of Telecom Security at Positive Technologies. “But this is not enough. As of today, all networks remain vulnerable due to both specific cases of incorrect equipment configuration and architectural problems in SS7 signaling networks that cannot be eliminated with current tools.”
The report notes that only a comprehensive approach to security—including regular security assessments, keeping network settings up to date, continuous monitoring of signaling traffic, and timely detection of unauthorized activity—can provide a high level of protection against criminals.
Earlier, the magazine “Hacker” reported on SMS security flaws and bypassing two-factor authentication.