ITU Brainstorming session on SS7 vulnerabilities and the impact on different industries including digital financial services
Geneva, Switzerland 22 October 2019
Contact:
tsbevents@itu.int
Programme
- Opening remarks
- Introduction to Brainstorming session and panel
- Telco view on key vulnerabilities of signaling protocols, including SS7
Moderator: Darryl Kelly, Director, Global Sales Signalling Security, Adaptive Mobile Security [Bio ] - Description of vulnerabilities and potential risks
- Overview of GSMA activities
- Securing the Network
- Overview of what is going on in Telco industry
- Operator’s view on the issue
- Impact of vulnerabilities on Telco plus overview of potential subject for standardization/certification
- Adoption rate of signaling countermeasures in Telco
- View from the financial world on impact of vulnerabilities of signaling protocols on over the top services including digital finance services (DFS)
Moderator: Felix Polianksi, Creditpilot [Bio] - Statistics for incidents
- DFS ecosystems and projections of SS7 vulnerabilities on these ecosystems
- Wrap-up – standardization roadmap on the subject matter
Moderator: Assaf Klinger, Head of R&D, Vaulto [Bio ]
Ongoing standardization activities
Ongoing activities of Financial institutions (e.g. some of the FIs move away from telco due to vulnerabilities)
Potential new areas for standardization
Open discussion: potential new areas for standardization
- Closing
Panellists
Vincent Schaeken Talking Points
- Securing the network from adversaries: GSMA recommendations Categories 1-3
- What’s in a name? From 2G to 5G: the attacker’s relentless endeavours
- The importance of continually adapting to growing attack sophistication: Simjacker
|
Darryl Kelly Director, Global Sales Signalling Security, Adaptive Mobile Security [Bio]
Talking points
- Telecoms Signalling Moderator
- Introduction to Brainstorming session and panel
- Telco view on key vulnerabilities of signaling protocols
|
|---|
Assaf Klinger
Talking points
What can be done to increase the implementation rate of mitigation measures? What other mitigation measures are available today or can be developed for the future? Use-cases, inputs from participants that were involved in implementation of mitigation measures and their lessons learned in the process.
How can the industry be harnessed to create an incentive for implementing mitigation measures?
|
David Maxwell
Talking points Overview of GSMA work on interconnect signalling security Business case for implementing countermeasures
Recommended response and controls for mobile network operators
Intelligence sharing amongst operators
|
Krystina Vrublevska
Talking points Importance: The impact of SS7 vulnerabilities on the telecom. Defence: Implementation of Firewalls (SS7 FW, SIP FW, Diameter FW)
Investigation: Analysing of blocked signalling messages on the Firewalls
Honeypot solution: Providing fake information to the attackers to find the intention behind the attacks, the pattern of attacks, adversaries and predict future attacks
Joint action:
Exchange of the information about the attacks between the operators Development of the auditing and certification system
Involving international legal authorities
|
Richard Kerkdijk
Talking points - The state of signaling security practices at European telecoms providers – findings from annual telco security benchmark.
|
|---|
Xiaojie Zhu
Talking points
- Technical and administrative issues of SS7 vulnerabilities from telco perspective
- China Telecom’s countermeasures for SS7 vulnerabilities
- Challenges and suggestions for SS7 security improvement
|
Richard Hill
Editor of E.156 and E.157 [Bio I Presentation ]
Talking points
- Recommendation ITU-T E.156 outlines the procedures that the TSB Director should undertake when he has received reports of alleged misuse from members, including methods to address and counter any alleged misuse when such reports are brought to his attention.
- Recommendation ITU-T E.157 provides guidance for international calling party number delivery which is technology neutral. It also clarifies the relationship between calling party number delivery and number identification supplementary service.
- This presentation will explain the key provisions of those recommendations and summarize work that is currently taking place to revise them so that they effectively address current issues.
|
|---|
Tony Swales
Mobile Core Network Engineer (roaming), Sunrise, Switzerland [Bio I Presentation ]
Talking Points -
Filtering complexity
- Industry cooperation
- Other unusual signaling that can cause false positives
- The role of SMS Home routing in the signaling flow
- Can signaling carriers play a role
|
Felix Polianski [Bio]
Credit Pilot
Talking points
-
Nodes of major SS7 impact onto financial sector
- DFS/MFS ecosystem vulnerabilities to SS7
- Attempts to circumvent SS7 vulnerabilities
|
|---|