FCC releases long awaited CSRIC WG10 report on SS7 vulnerabilities

The report on vulnerabilities and risks inherent to the Signaling System #7 (SS7), which was ordered by the FCC from a specially formed group (CSRIC Working Group 10) thanks to the efforts, amongst other, of Congressman Ted Lieu, has finally been released.
A copy of the report can be downloaded here.

The working group aknowledges the vulnerabilities that are long known to exist in the SS7 network, and urges operators to follow the recommendations of the GSMA on adressing them. GSMA’s recommendations include among others the performing of regular external vulnerability assessments, as well as the implementation of specialized SS7 firewalls.
The working group also aknowledges that attacks on the SS7 network have taken place, and advocates end-to-end encryption as a potential permanent solution for subscribers, although the intelligence community typically sees strong encryption as a double edged sword.

Finally, the report points to Diameter signaling, which is intended to one day fully replace SS7, as an area of potential future concern, as well as potential vulnerabilities in ANSI-41 signaling and SIP signaling.

The Telecom Defense Company’s remote SS7 and Diameter vulnerability assessments can help operators identify and quantify the actual vulnerabilities that exist in their networks.