The Telecom Defense Limited Company Launches SS7 Cloud Scanner SS7 Penetration Testing Tool

Share Article

The Telecom Defense Limited Company, a leading mobile network security consulting firm based in USA, launches the SS7 Cloud Scanner, a web-based SS7 penetration testing tool allowing mobile operators to easily test their SS7 defenses.

SS7 Cloud Scanner architecture

Unlike other SS7 penetration testing tools available, the SS7 Cloud Scanner requires no deployment, connectivity or infrastructure in the customer network, and provides a realistic approach by ensuring that all SS7 messages reach the network through external international roaming connections

When mobile operators worldwide assess their networks for SS7 vulnerabilities, remediation work usually begins swiftly, starting with simple filtering rules that can be implemented on existing mobile network nodes or STPs, particularly against Category 1 SS7 vulnerabilities. Later, the process moves towards the deployment of a full-scale SS7 firewall, which is required to fully protect a network fully against all Category 2 and Category 3 vulnerabilities.
During this time, engineering staff is often operating blindly, changing filtering rules for SS7 messages that impact live subscriber traffic and relying on future traffic logs to determine if the filters are triggering properly. Sometimes, live subscriber traffic is affected and filters have to be rolled back.

The Telecom Defense Limited Company’s SS7 Cloud Scanner is a new product that allows mobile networks to generate SS7 messages towards the external interface of their networks, in order to accurately simulate messages from an attacker, and conclusively verify if vulnerabilities exist and/or if filtering rules are triggering.

The service is web-based and accessible through a standard Internet browser, and provides all SS7 connectivity, including global title identities from appropriate roaming partner sponsors, to generate incoming SS7 messages towards a mobile network.

SS7 messages reach the network through its SCCP carrier, and traverse all potential SS7 defenses just like messages from real attackers would. Unlike ruleset simulators or network internal traffic generators, this provides a fully reliable and conclusive way to test defenses.

Periodic testing of defenses is also important after an SS7 firewall has been deployed, particularly after each rule change, to ensure that no previously working defenses have been disabled.

“This service has been created in response to several customer requests” says Jean Gottschalk, Principal Consultant of The Telecom Defense Limited Company.
While the service does not replace periodic external penetration testing by experienced auditors, many operators have reached a maturity level where they have one or more SS7 security specialists on staff that are able to design and managed filtering rules. The SS7 Cloud Scanner, which is similar to the tool used by The Telecom Defense Limited Company’s own auditors, allows these in-house specialists to perform adhoc checks with a lightweight and cost effective solution that requires no deployment or infrastructure inside the client’s network.

“Unlike other SS7 penetration testing tools available, the SS7 Cloud Scanner requires no deployment, connectivity or infrastructure in the customer network, and provides a realistic approach by ensuring that all SS7 messages reach the network through external international roaming connections,” adds Jean Gottschalk.

The SS7 Cloud Scanner is also available to country regulators with a need to periodically verify compliance of local operators to the country’s SS7 security guidelines or laws.

Mobile operators should contact The Telecom Defense Limited Company or their local VAS to discuss licensing the SS7 Cloud Scanner.

About The Telecom Defense Limited Company

The Telecom Defense Limited Company, based in Las Vegas, USA, is a leading mobile network security consulting firm. The company's trademark remote SS7 vulnerability assessment uses international roaming SS7 connectivity to provide a mobile operator with an accurate vision of exposed SS7-based vulnerabilities from the point of view of an actual attacker. The assessment is conducted remotely by experienced auditors in a safe, fast and cost effective manner, before and after the deployment of SS7 defenses, or on a continuous basis. Similar remote assessments for diameter, GTP and CDMA vulnerabilities are available as well.
The company also provides training and workshops on SS7 and diameter vulnerabilities to mobile operators and government regulators.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Jean Gottschalk
The Telecom Defense Limited Company

Visit website