If you are a #5G network engineer there is a chance that you know a little about this. However, if you spend your day working on cell tower designs and cellular network architecture, you may not be fully aware of the vulnerabilities in Signaling System Seven (SS7), the foundational terrestrial networking technology for 5G. Bad news, there are known security issues with SS7. The good news is that there is a brilliant new technology to harden #cybersecurity in SS7 supported networks.

From heaven to earth

Everyone is excited about the advantages of 5G networks. In fact, 21% of all wireless infrastructure investment will be related to 5G. It will provide much faster speeds and lower latency, enabling many new and improved mobile applications in robotics, medical devices, manufacturing, and personal communications. These operations are largely made possible by new-generation radio technology that deploys a greater number of cell towers than 3G or 4G network designs.

What Happens in the Sky Does Not Stay in the Sky

Cell phone towers communicate with cellular devices like smartphones and other mobile devices through over-the-air radio technology. This is not news. However, it gets interesting when you follow the cellular signal from one end to the other. What happens when you press the phone icon or the send button on your mobile device? Where does the signal go after it reaches the cell tower?

There is a massive terrestrial network that supports cell radios. These networks use standard telecommunication protocols like SS7 for basic functions such as call setup, call drop, routing, administration, billing, number translation, SMS, and other useful features. SS7 was introduced by Bell Labs in the 1970s, adopted as an international standard in 1988, and is still widely used for setting up both landline and cellular calls today. Using SS7 allows operators to service calls from older analogue technology as well as IP network equipment. This is achieved by setting up a virtual channel for signaling that is separate from the voice conversation channel. The signaling channel is not accessible to the caller, only the dedicated support team.

Because SS7 was developed before the wide adoption of digital encryption and authentication, these control messages can accommodate eavesdropping and forged signals. These vulnerabilities can allow cell phone users to be tracked, two-factor authentication to be bypassed, and #malware to be installed on compromised computers.

Why is SS7 still used as the basis for new 5G networks? New 5G towers and radios must also be compatible with the huge number of older 3G and 4G radios. To seamlessly accommodate both old and new generation technologies, a common signaling platform must be used. On the business side, there are billions of dollars invested in SS7 networks. It would be cost-prohibitive to replace the foundation of the legacy base network while also investing in a widespread 5G cellular deployment.

Network Protection for Operators

Given the critical nature of applications being developed for 5G networks, security experts suggest that operators be vigilant in making sure their networks are well protected. Some ideas include constantly monitoring the network for bad actors and anomalies as well as deploying strong security tools. As the threat environment changes, network operators must constantly review their security profile and update their tools to protect against the latest threats and close persistent vulnerabilities.

Connecting Failsafe Security Tools

A new and unique cybersecurity system introduced by Network Critical is INVIKTUS. This is a new #ZeroTrust technology that provides an extra layer of security blocking hackers from potential back door openings to your network. How does it do that?

First, INVIKTUS is invisible to the network. Hackers can not attack what they can not see. Therefore, when INVIKTUS is deployed, the access rules, filters, and policies that you configure can not be altered by malicious invaders. INVIKTUS will read all traffic and immediately compare it to pre-set policies. Any requests for policy changes or updates are ignored so only validated traffic is passed through. All other traffic is dropped.

Understanding that real estate is a prime concern in cellular networks, INVIKTUS is designed to provide maximum security in a minimal physical space of 1RU. Having no IP or MAC address allows INVIKTUS to be completely invisible to the network. It also does not add any latency to the network. This maximum security device is designed in a carrier hardened chassis with dual power supplies for uninterruptible performance.

Old and New Can Coexist

While the latest 5G cellular technology is riding on a legacy PSTN infrastructure, it is still possible to provide the promised new features as well as reliable cyber security. SS7 is an important technology providing operational coexistence with 3G, 4G, and 5G infrastructure. With the right security tools, the promise of 5G may be fully and safely realized. For more information on maximum cybersecurity for 5G carrier networks go to https://www.networkcritical.com/contact-us.