Protocol of Telephony which is newer to Diameter Just As Vulnerable As SS7

  • 0

Protocol of Telephony which is newer to Diameter Just As Vulnerable As SS7

Category : Uncategorized

Protocol of Telephony which is newer to Diameter Just As Vulnerable As SS7

Protocol is the special set of rules that end points in a telecommunication connection use when they communicate. Protocols specify interactions between the communicating entities.

Security researchers say the Diameter protocol used with today’s 4G (LTE) telephony and data transfer standard is vulnerable to the same types of vulnerabilities as the older SS7 standard used with older telephony standards such as 3G, 2G, and earlier.

Both Diameter and SS7 (Signaling System No. 7) have the same role in a telephony network. Their purpose is to serve as an authentication and authorization system inside a network and between different telephony networks (providers).

The difference between these two is that while SS7 did not use any type of encryption for its authentication procedures, leading to the easy forgery of authentication and authorization messages, Diameter supports TLS/DTLS (for TCP or SCTP, respectively) or IPsec.

 

Protocol

 

4G operators often misconfigure Diameter

According to research published last month by Positive Technologies detailing Diameter’s use among mobile networks across the globe, the protocol’s features are rarely used.

The incorrect use of Diameter leads to the presence of several vulnerabilities in 4G networks that resemble the ones found in older networks that use SS7.

Researchers say that the Diameter misconfigurations they’ve spotted inside 4G networks are in many cases unique per each network but they usually repeat themselves to have them organized in five classes of attacks: (1) subscriber information disclosure, (2) network information disclosure, (3) subscriber traffic interception, (4) fraud, and (5) denial of service.

 

4G operators

 

Subscriber and network information disclosure

Subscriber and network information disclosure, allow an attacker to gather operational information about the user’s device, subscriber profile, and information about the mobile network in general.

Such vulnerabilities can reveal the user’s IMSI identifier, device addresses, network configuration, or even his geographical location —helping an attacker track users of interest as they move about.

 

Subscriber

 

 

Subscriber traffic interception

The third vulnerability, subscriber traffic interception, is only theoretically possible because both SMS and call transmission often establish channels with previous-generation protocols that do not use the Diameter protocol for authentication.

Nevertheless, Positive Technologies researchers warn that if the attacker is set on SMS and call interception, he can at any time downgrade a Diameter-capable 4G connection to a previous-generation connection and use flaws in SS7 and other protocols to carry out his attack.

 

traffic

 

 

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Internet Of Things Training

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

 


Leave a Reply

Show Buttons
Hide Buttons