Simulate attacks on telecom networks to better protect them

Telecoms networks are the target of increasingly frequent attacks by malicious actors seeking to hijack them or intercept communications. An operator like POST, which aims to protect users and gain their trust, regularly tests its network by subjecting it to a range of attacks.

“Networks are evolving more and more rapidly, especially to adapt to new usage patterns. In the past, networks were largely structured around physical components that were hard to upgrade. Now, a network is increasingly similar to a software package that can be easily and regularly updated,” says Alexandre De Oliveira, Telecom Security Expert at the POST group. “However, each update has the potential to create new vulnerabilities that can be exploited by malicious individuals or organisations. One of the challenges for security teams is to secure the entire network and software developments, as this is the key infrastructure allowing users to interact with each other or consume data.”

Simulating attacks to identify vulnerabilities

By attacking the network, it is possible to intercept communications, track users’ location, and facilitate fraud schemes aimed at stealing money from an account connected with a user or the telephone operator. Defects can also facilitate denial of service attacks, paralysing the entire network and the critical services that depend on it. “To protect themselves against risks, operators must adopt a series of measures,” says Alexandre de Oliveira. “To effectively identify and remedy new vulnerabilities, POST has introduced a tool that simulates attacks on the network. The Telecom Security Scanner permits an aggressive approach to network protection so that we can ultimately better protect users.”

Testing signalling protocols automatically

The tools works by attacking all of POST’s networks (2G, 3G, 4G and 5G), exploiting the vulnerabilities we already know about. “By carrying out our own attacks on our network, and in particular user signalling protocols (SS7, Diameter, GTP-C), we ensure that no one is able to bypass or hijack the protocols in place,” continues Alexandre De Oliveira. “Considering the frequency of updates, given the number of components making up the network, we resort to automation. This allows us to detect weaknesses much more effectively as soon as they appear.”

Securing POST's networks and those of other operators

POST simulates attacks against its own network to earn its users’ trust. Its teams also offer their expertise in this area to third-party operators wishing to strengthen the security of their network. “The solution is available to third parties wishing to take a similar approach. We operate in a non-disruptive way, without affecting the availability of the network being tested,” explains the Telecom Security Expert. “We specifically target the SIM cards provided and the operator’s infrastructure as part of the exercise.”

At the end of the operation, a comprehensive report is produced showing how protected the network is at a given moment. “The idea is to take preventive action by running a series of regular tests, just as you might check your health by attending a medical screening,” continues Alexandre de Oliveira. “The customer receives information their technical officers can use to improve the network and take preventive action. A report is also drafted for managers, flagging existing vulnerabilities and the risks to which they are exposed.”

Replicating attackers' modus operandi

With this approach, it is possible to test how well networks fare against attacks that are well-known and listed by the GSMA (a global association of telecoms operators). But the tool goes even further by allowing new loopholes to be identified and enhancing knowledge of practices and methods used to carry out fraud. “Seeking to mimic attackers’ modus operandi as accurately as possible is at the heart of our approach,” explains Alexandre de Oliveira. “To that end, we are developing in-depth knowledge of the threat to ensure the best possible protection of our networks and to improve the security of those of our customers and third-party operators.”