Newer Diameter Telephony Protocol Just As Vulnerable As SS7 (bleepingcomputer.com)
An anonymous reader writes: Security researchers say the Diameter protocol used with today's 4G (LTE) telephony and data transfer standard is vulnerable to the same types of vulnerabilities as the older SS7 standard used with older telephony standards such as 3G, 2G, and earlier. The vulnerabilities are happening because 4G operators are misconfiguring the Diameter protocol (an SS7 replacement) and using it in the same way as SS7.
The incorrect use of Diameter leads to the presence of several vulnerabilities in 4G networks that resemble the ones found in older networks that use SS7, and which Diameter was supposed to prevent. Researchers say that the Diameter misconfigurations they've spotted inside 4G networks are in many cases unique per each network but they usually repeat themselves to have them organized in five classes of attacks: (1) subscriber information disclosure, (2) network information disclosure, (3) subscriber traffic interception, (4) fraud, and (5) denial of service. Researchers warn that not fixing these vulnerabilities "could lead to sudden failure of ATMs, payment terminals, utility meters, car alarms, and video surveillance." This is because these types of devices often use 4G SIM card modules to connect to their servers when located in a remote area where classic Internet connections are not possible. Old SS7 attacks such as tracking users' location and intercepting SMS and phone calls are also possible via Diameter as well.
Why don't they just use a tried and true protocol like HTTPS instead of rolling their own protocol?
This is in fact what Diameter does for security: it uses TLS, just like HTTPS.
Diameter replaces SS7? In what universe? SS7 is a control signalling protocol used for setting up calls. Diameter is a AAA (Authentication, Authorization & Accounting) protocol that's just a supercharged Radius (Diameter = twice the Radius, get it? ha ha). No doubt you can royally screw up the AAA setup and leak like a sieve, but it's got nothing to do with SS7.
The summary says:
"The incorrect use of Diameter leads to the presence of several vulnerabilities in 4G networks"
That's like saying:
"The incorrect use of HTTP (such as not requiring HTTPS, or permitting weak ciphers, or not protecting sensitive APIs from the internet with a firewall) leads to the presence of several vulnerabilities in corporate networks".
In other words, it's not that the protocol itself is vulnerable, but that misconfiguration and poorly architected deployments can result in installations that are vulnerable.
Just like HTTP(S).