Why a mobile network needs to be retested for SS7 vulnerabilities after installing an SS7 firewall

The Telecom Defense Limited Company recently completed a SS7 vulnerability assessment for a mobile operator in Europe who had just deployed an SS7 firewall. The operator wanted to ensure, through an independent third party test, that the firewall is doing its job and that no vulnerabilities were left unprotected.

While we found that the firewall was remarkably good at protecting most of the vulnerabilities that are within the scope of our remote SS7 penetration test (things such as leaking of IMSIs, leaking of subscriber location, call intercept, denial of service attack surfaces etc), we were able to discover a handful of vulnerabilities, with low to high severity, that were left unprotected.
Our detailed report allowed the operator to go back to their firewall vendor and address the remaining vulnerabilities to ensure a 100% secure network.

This engagement illustrates why it is important for operators to not only perform initial SS7 vulnerability assessments on their networks, but also retest the network after vulnerabilities are deemed re-mediated, as well as re-test on a periodic basis (at least annually), in order to ensure that no new vulnerabilities have appeared after applying patches or upgrades to existing network nodes or to the firewall itself.

The Telecom Defense Limited Company can guide an operator through the remediation process from start to finish, including assistance with the RFP process for an on-premises SS7 firewall, to ensure that the selected firewall vendor effectively protects against all known vulnerabilities. Considering that the deployment of a network-wide SS7 firewall can be a multi-million dollar project, it’s a wise investment to have an independent third party ensure that the selected firewall is serving its purpose, before a purchase order is issued.