Silent No More: Mobile Roamers Spur a Security Evolution


Were you a “silent roamer”?

If you used to travel internationally and turned off your cellular radio while searching desperately for a café with Wi-Fi, or purchased an in-country SIM, then you were a “silent roamer.” Today, with premium roaming charges significantly diminished by global mobile network operators, mobile subscribers don’t have to fear “bill shock,” change their usage patterns or avoid accessing their favorite services. International roaming has become part of the seamless mobile experience.

For mobile network operators, however, this step change in roaming has caused considerable change and exposed new vulnerabilities. Many network operators are still adjusting to the shift and are now re-examining security on the roaming network. Roaming traffic volumes, devices, and partners have all increased – exposing a broader attack surface for malicious actors and increasing the likelihood of unintentional events impacting network availability.


The Rise in Roaming Traffic

As a result of the EU Commission ruling on “Roam Like at Home” as well as other tariff changes, traffic volume has shot up and revenue has declined. Roaming traffic has grown exponentially in the last year. No longer afraid of the cost, the so-called “silent roamers” are adopting the same usage patterns that they have when they are not roaming. Seamless, transparent mobile access was the object of the Roam Like at Home initiative. That also means roaming traffic and subscribers are vulnerable to the same malicious threats as elsewhere in the network.

At one time, mobile roaming was relatively simple. A typical operator had a few key roaming agreements, and the volume of (mostly voice) traffic was small due to the high price. Now, Tier 1 operators offer hundreds of destinations and can have up to 100 roaming agreements per country, per network technology, including voice, data, video and text/SMS. The types and volume of devices roaming are of the same composition as the rest of the network and now include numerous IoT devices.

More MVNO models are also emerging. Traditional mobile virtual network operators offer lower prices to consumers and businesses and often include cheap international roaming as part of that package. With IoT expanding, some MVNOs have specialized in the IoT market. With vLTE- or EPC-in-a-box, it is much less costly for IoT solution providers or large enterprises to provide more mobile core network elements themselves and control subscribers through their own network. Companies like Rakuten, an online marketplace in Japan, can become MVNOs. Electric utilities with SIM-enabled smart meters can now become MVNOs and gain better control and security over their IoT devices.


The Impact on Operators

What this means for operators is that a once relatively easy-to-manage part of their network has suddenly become much more complex and difficult to secure. This increase in roaming traffic will change the threat landscape. Those who want to damage the reputation of the operator now have a new point of attack. Service disruption to the roaming network could now impact a lot more customers and have greater implications.

As a result, more operators are re-examining their security approach in roaming. In our discussions with operators and in the trials we have conducted, we have also found that the threats found on the SGi are also found on roaming. We have observed ransomware, such as Locky, and cryptocurrency mining, such as Coinhive and CoinMiner, both of which have a severe impact on subscribers and have also been widely reported in the news. In almost every single trial we have conducted, we have observed C2 traffic between devices and malicious sites known to be associated with botnet activity.

Roaming is also vulnerable to conditions and attacks that are unique to the GPRS Tunneling Protocols (GTP) used in roaming.

The mobile industry's GSM Association (GSMA) published roaming guidelines for operators. The documents identify vulnerabilities found in GTP, the protocol used for roaming, and describe how they can be manipulated for a malicious action or be the result of an unintentional event, such as network element malfunction, natural disaster, or network outage, all of which can cause message floods or cause network elements to malfunction or fail.

Many operators have not previously followed GSMA guidelines or updated their security infrastructure in this area of the network for years, if they have any at all. For the most part, operators are blind to what is now coming across their roaming interface. If you can’t see the threats, you can’t protect your network against them, and you also can’t offer a security answer for your important customers or maintain that level of trust that has been so important to building your business.

The Palo Alto Networks Security Operating Platform provides consistent, application-layer visibility and enforcement for the roaming interface and across all other mobile network peering points. The platform also provides a set of mobile network infrastructure features that provide protection against a number of signaling vulnerabilities and allow operators to easily see who and what is impacting the network. With this strong visibility and mobile infrastructure functionality, mobile network operators can be assured that their network will be protected against any roaming-initiated threats.

The post Silent No More: Mobile Roamers Spur a Security Evolution appeared first on Palo Alto Networks Blog.
