Information security now!
Information security threats targeted against the confidentiality of mobile communications
06.05.2015 at 14:16
Recently, several threats that weaken the confidentiality of mobile communications have been discussed publicly. Malware on smartphones has become more common, telephone communication and telephones' identification information can be monitored, e.g. by means of false base stations, and a suspected data break-in targeting a manufacturer of SIM cards was revealed in early spring.
In addition, methods for abusing SS7 message traffic to commit severe information security violations were discussed at an information security conference held in Hamburg in December 2014.
The National Cyber Security Centre Finland (NCSC-FI) at FICORA reminds users that mobile network services are also exposed to information security threats. Everyone should therefore think carefully about what information is communicated via a mobile network and how to communicate safely over it. Instead of a mobile network, a communications system with end-to-end encryption should be used, particularly for transferring sensitive information.
SS7 messages are essential to the functioning of a mobile network because they enable, among other things, the transfer of calls and other messages within a telecommunications operator's own network and between the networks of different telecommunications operators.
The solutions for SS7 message transfer between telecommunications operators were planned in the 1970s and 1980s. From the start, the network has been constructed as a closed network and the involved parties have been trusted. The abuse methods exploit this operating model, which is based on trust between the actors.
By abusing SS7 messages, it is, in some cases, possible to:
- find out and follow the location of the user
- tap and record calls
- decrypt radio communication
- disconnect a subscription from a mobile network, i.e. block communication; and
- fraudulently manipulate the invoicing of a subscription.
Carrying out such abuse requires, however, access to the closed network between telecommunications operators that transfers SS7 messages, as well as particular familiarity with how the SS7 system functions and background information on the internal structure of the targeted telecommunications operator's network. This means that ordinary users are not able to carry out the abuse.
The NCSC-FI at FICORA takes the possibilities for abusing the SS7 network very seriously. On the basis of reports made by the NCSC-FI, Finnish telecommunications operators have not detected in their own networks any of the abuse cases that were mentioned in Hamburg and relate to SS7 message transfer.
Finnish telecommunications operators are protected against some of the abuse methods. Measures to add protection and improve detection capability have been initiated in cooperation between telecommunications operators and authorities.
Mobile services can safely be used for normal communication. However, it is recommended to consider carefully whether the message content needs to be protected. When making this assessment, one can, for example, consider who might benefit from the content or whether the disclosure of one's location is critical. A mobile network is not suitable for transferring sensitive information due to the information security threats targeted against it.
The use of encryption technologies improves the security of communications. More information on protecting communications is available in the NCSC-FI's updated guidelines for protecting communications.
Encryption products approved by FICORA's NCSA activities are available for transferring classified authority information.
- Guidelines for protecting communications
- Guidelines for safe use of mobile phone (in Finnish) [pdf, 417 KB]
- Encryption products approved by the NCSC-FI (in Finnish) [pdf, 205 KB]