SS7 network was not designed with security and privacy aspects in mind, thus it does not include any protection and authorization mechanisms. Security was not needed as SS7 was always a part of the closed managed network, strictly controlled by the telecom carriers. It used to be impossible for third parties to get unauthorized access to the SS7 network.
With implementation of SIGTRAN protocol, providing SS7 connectivity over IP and huge number of operators connected in the SS7 network, situation has changed dramatically. Market changes and deregulation has allowed easier access to the SS7 network. A number of carriers and other companies such as MVNOs, SMS aggregators, number portability services and OTT players has grown to an extent where it is hard to say that all parties in the SS7 are trusted by default. With SIGTRAN, SS7 messages are sent over the IP network, opening opportunities for hackers to access the network and increasing the vulnerability of the network. Once someone has access to the SS7 network in one territory, they have access to the global SS7 network and all subscribers worldwide.
Today, mobile users are exposed to several potential privacy, fraud and denial of service attacks, traffic interception, location tracking, and different service disruptions. To get more details on the potential attacks, on the reasons why mobile carrier should care about it, how to protect from these attacks and how Deverto SS7 Fraud Protection solution can help you, please download the technical paper Security Challenges in SS7 Network.