Mobile Cybercrime - Don’t Leave Your Customers Vulnerable

MARK WINDLE

Mobile Cybercrime - Don’t Leave Your Customers Vulnerable

XURA NETWORK SECURITY SURVEY WEBINAR2 |

How secure are mobile networks?How aware of the risks are consumers?What do consumers worry about?How do consumers protects themselves?What role does the network operator have?What are operators doing to improve security?

Agenda


Audience Participation Q1

iPhone users vs Android users – which group places themselves at more risk of mobile-related cybercrime? iPhone users Android-based phone users

In-fill question:This webinar is going to talk about security weaknesses in the telecoms network rather than compare security of different handset operating systems, but does the type of handset make any difference to how exposed consumers are to network vulnerabilities?


Audience Participation Q2

To what extent are you aware that SS7 networks are vulnerable to hacking/abuse ? What’s SS7? Not at all aware Somewhat aware Aware and familiar with some of the details Very aware and familiar with most of the details Expert knowledge of the issue I disagree: SS7 is totally secure

In-fill question:I know we're going to avoid the technical detail of SS7 during this webinar, but for those that want more technical information, where can they find it?


Audience Participation Q2 Results

To what extent are you aware that SS7 networks are vulnerable to hacking/abuse ?

RESULTS


How secure are mobile networks?How aware of the risks are consumers?What do consumers worry about?How do consumers protects themselves?What role does the network operator have?What are operators doing to improve security?

| XURA NETWORK SECURITY SURVEY WEBINAR7

What is SS7, and why is it important?

Authentication

MobilityCharging

Policy

Personalization

Calls and messaging with subscribers on other networks

RoamingCall control and

messaging

It’s what makes the network work

Carries the mission-critical, real-time data between network elements

$€£

Subscriber identity

Subscriber device type

Connection types and status

Subscriber location

Address of control elements

Address of charging elements

Usage policy settings

Subscriber service settings

Other Network

s


How do hackers get access to SS7?

Generally

Outside the network

Hubs (including GRX and IPX)

Other Networ

ks

SIGTRAN replaced physical TDM links

Interconnection to other networksInterconnection via hubs

Other Network

s

Network elements including VAS

systems SMSC IN etc

External connectivity from other networks and hubs via

STPs, Signaling Gateways and Media Gateways

Signalling connection to 3rd parties

Signaling connections and

signaling end-point addresses leased to

3rd parties

3rd Parties

Inside the networkNetwork elements require signalling access


What can hackers do via insecure SS7?

Subscriber privacy is lost: Location can be determined Calls can be blocked, diverted and intercepted Messages can be blocked, diverted, intercepted and

manipulated

Subscriber identity may be abused: Secure access codes received by SMS can be stolen

Network operation is at risk: Denial of service (DoS) attacks

Operator is exposed to fraud: Bypass of prepaid billing & roaming fraud

Revenue Loss & Fraud Billing may be bypassed Revenue lost from blocked calls $Reputation & Churn Poor service quality Fraud Security breaches

Compliance & Liabilities SLA failure penalties Lawsuits Regulator fines

Subscriber is exposed to fraud: Fraudulent enrolment to premium-rate messaging services Fraudulent call diverts to premium-rate numbers USSD commands may be used to transfer balance between

subscriber accounts


The vulnerabilities are real. SS7 abuse is happening.

More than 350 network deployments worldwide Serving more than 3 billion end-points Providing network security solutions for more than 10 years

100%

of networks tested have vulnerabilities

Roaming Fraud $$

Pre-Paid Charging Bypass Fraud $$$

Location Tracking

Call Interception

SS7 exploits detected


Mobile networks are not secure


Audience Participation Q3The following exploits have been associated with the vulnerabilities in SS7. Which do you think pose the biggest threat to network operators? (Pick up to 3) Monitoring subscriber service usage and

communications Tapping, interception or re-routing of voice calls Tapping, interception, re-routing or manipulation of

messaging Use of subscribers identities to gain fraudulent access

to telecom services Denial-of-service attack impacting general service

availability Denial-of-service attack on targeted subscribers Bypass of operator charging and billing functions Subscriber location tracking

In-fill question:It seems that one of the root causes is that operators lease SS7 connections to third parties that can't be trusted. Why do they do that?


Audience Participation Q4As a result of SS7 attacks, which of the following possible effects would be likely to cause the most significant pain for mobile network operators?(Pick up to 3) Increased churn Litigation from subscribers Litigation from enterprise customers Additional legal or regulatory requirements Fines imposed by regulators Loss of preferred roaming partner status Increased losses to fraud Loss of operating service revenues Devalution of company stock/shares

In-fill question:What's motivating people to hack mobile networks and subscriber?


Mobile networks are not secureHow aware of the risks are consumers?What do consumers worry about?How do consumers protects themselves?What role does the network operator have?What are operators doing to improve security?


SS7 vulnerabilities have been publicized in consumer media

German researchers discover a flaw that could let anyone

listen to your cell calls.

Phone network hack means anyone can listen in on any mobile call

Cellular Privacy SS7 Security Shattered

at 31C3

September 2015: “Hackers exploit SS7 vulnerability to spy on Australian senator: report”

December 2014 : Annual Chaos Communication Congress event held in Hamburg …

April 2016: “Sharyn Alfonsi reports on how mobile phone networks are vulnerable.”

http://www.google.co.uk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRw&url=http://gotspy.com/links/threatpost&ei=HDilVLibH-PU7AaY64H4Dg&bvm=bv.82001339,d.ZGU&psig=AFQjCNH0LLyMMZA_D_5QXVZnIPO_rhoMAQ&ust=1420200334495718


Xura Research Project

To understand subscribers’ perceptions and attitudes to the risks and consequences of mobile phone use and ‘attacks’ via SS7


Respondent Demographics 1667Total

537 535 595

MALE

FEMALE

45%55%

MALE

FEMALE

45%

55%MALE

FEMALE

48%52%

PREPAID

MONTHLY

26%74%

PREPAID

MONTHLY

26%74%

PREPAID

MONTHLY

16%84%

22% 18-30 yrs

36% 31-50 yrs42% 51+Survey conducted in Quarter 3 2016


Awareness of the problem and risks is low amongst consumers – and somewhat confused

30% YESAre you aware (or have you heard) of any security weakness in mobile phone networks that could make it possible for "hackers" to perform acts like those described below?

Make fraudulent calls to “premium rate’ numbers at the subscribers expense

Register subscribers to "premium rate" messaging services

Track the location of the phone Listen in to and record phone calls Intercept and possibly modify SMS text

messages Prevent the subscriber from making calls,

sending SMS texts or getting a data connection from your mobile

Aus : 28%UK : 32%US : 29%

21% of those (6% of total) indicated specific awareness of SS7 related vulnerability. Other root causes given included: OS vulnerabilities – 9% App vulnerabilities – 6% Operator data leaks – 3%

Vulnerabilities in Bluetooth, the Air Interface and WiFi were also mentioned, as well as voicemail hacking.

I have heard about journalists using hackers to listen on celebrities'

conversations, and record them to get news.

http://www.cbsnews.com/news/60-minutes-hacking-your-phone/




Mobile networks are not secureConsumers do not understand the risksWhat do consumers worry about?How do consumers protects themselves?What role does the network operator have?What are operators doing to improve security?


Audience Participation Q3 ResultsThe following exploits have been associated with the vulnerabilities in SS7. Which do you think pose the biggest threat to network operators?

RESULTS


Which "hacks" do you feel are most likely to happen to you?

UK subscribers (58%) feel significantly more at risk of becoming victims of fraudulent calls being made at their expense, or being fraudulently registered for premium rate SMS services. Location tracking is a bigger concern for US citizens (46%).

Approx.

40%45% Fraudulent calls made at the subscribers expense38% Fraudulent registration for premium SMS services40% Location tracking

ALL Aus UK US Female Male 18-30 31-50 51+

-10%

0%

10%

20%

30%

40%

50%

60%

Fraudulent Calls SMS Subscriptions Location TrackingCall Interception SMS Interception Denial of Service

18-30 year olds (53%) feel significantly more at risk of becoming victims of location tracking. Fraudulent calls is a bigger concern for the over 50’s (50%).

If it was possible for "hackers" to hack your mobile network provider and do the things described above, which "hacks" do you feel are most likely to happen to you? (Select up to 3)


How severely do you feel you would be affected if these "hacks" happened to you?

US subscribers generally feel they would be less badly affected than their UK and Australian counterparts, except for Denial of Service attacks.

52% Severely or Badly affected

The over 50’s are more concerned about the impact of fraudulent calls, while 18-30 years olds are more troubled by location tracking and call and SMS interception.

Fraudulent Calls

SMS Subscriptions

Location Tracking

Call Interception

SMS Interception

Denial of ServiceAllAusUKUS

52%

37%

36%

39%

58%

Gender plays a big role with males expecting to be significantly less badly affected than females across all types of threat.


Mobile networks are not secureConsumers do not understand the risksConsumers are worried about fraudHow do consumers protects themselves?What role does the network operator have?What are operators doing to improve security?


What rules do you use to decide whether to grant “apps” permission to access other features or data on your phone?

Aus UK US ALL0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

None Ad hoc rules Strict rules

22% NONE

Males are marginally more likely to simply accept permissions than females (24% vs 21%) but are almost twice as likely to apply strict rules (11% vs 6%)

Those aged under 30 are more than twice as likely to simply accept permissions than those aged over 50 (32% vs 15%) The application of Strict Rules doesn’t vary with age.


How often do you check your balance/bill to verify you have been correctly charged?

All

Pay

Mon

thly

Prep

ay All

Pay

Mon

thly

Prep

ay All

Pay

Mon

thly

Prep

ay All

Pay

Mon

thly

Prep

ay

ALL Aus UK US

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

"Monthly or more""A few times per year""Never"

ALL

32% NEVER

Highest ARPU subscribers (top 20%) are only slightly more likely to check their bills56% check monthly or more frequently compared with average of 51%

Males and females are equally likely to check their bills every monthUK Females marginally less so (43%) than UK Males (49%)

When someone else pays the bill 52% of phone users will never check they have been correctly charged

Those aged between 31 and 50 are least likely to check their bills monthlyOverall variance is small, ranging from 44% to 55%


Audience Participation Q1 Results

iPhone users vs Android users – which group places themselves at more risk of mobile-related cybercrime?

RESULTS


iOS

54% more likely never check their bill

than Android device users

more than 2x apply no rules

when granting App permissions.


Mobile networks are not secureConsumers do not understand the risksConsumers are worried about fraudThey don’t protect themselvesWhat role does the network operator have?What are operators doing to improve security?


Audience Participation Q4 ResultsAs a result of SS7 attacks, which of the following possible effects would be likely to cause the most significant pain for mobile network operators?

RESULTS


Fraudulent Calls

SMS Subscriptions

Location Tracki

ng

Call Interce

ption

SMS Interce

ption

Denial of S

ervice

0%10%20%30%40%50%60%70%80%90%

100%

Not at all protectedSlightly protectedModerately protectectedWell protectedCompletely protected

How well does your mobile network provider currently protect you from "hackers“?

UK subscribers feel marginally less protected by the network operator than their Australian and US counterparts. This is most noticeable in relation to SMS Interception.

61% Moderately or better


If you became aware that you had been a victim of these "hacks", what action(s) would you most likely take ?

1 in 3 would inform the telecom regulator – Australians more so (45%) than Americans (24%) who are more likely than average to share the incident via social media.

Half (49%) would seek compensation from their mobile network provider. In the UK, this figure rises to 54%. Younger generations are more likely to follow this course of action than the over 50’s.

29% would change their provider either immediately (22%) or at the next renewal date (7%). The young are more likely to change providers than the old.

Do nothing

Switch to using 'Apps' to make calls and send messages more securely

Change my mobile network provider at the next renewal date

Change my mobile network provider as soon as possible

Change my mobile network provider

Seek financial compensation from my mobile network provider

Get a new mobile number, but stay with my current mobile network provider.

Report the story on social media (e.g. via twitter or facebook) or via the press

Inform my national telecoms regulator

Inform the police

0% 10% 20% 30% 40% 50% 60%

2%

8%

0.0683863227354529

0.223155368926215

0.291541691661668

0.485902819436113

0.239352129574085

0.143971205758848

0.32873425314937

0.539292141571686


Mobile networks are not secureConsumers do not understand the risksConsumers are worried about cybercrimeThey don’t protect themselvesThey hold network operators responsibleWhat are operators doing to improve security?


We’re working with operators in every continent to improve security

Fraud and Security Groups

Security Recommendations

Network Operators

SecurityProviders XURA

Audit Network Vulnerability

Monitor Threat Activity

Security SolutionsXura SS7 Firewall


2G, 3G

SS7

4G and beyond

DIAMETER

Solutions for the next signaling security challenge


QUESTIONS?


KEEPCALM

and

STAYSECURE

[email protected]

www.xura.com