Some of the well-known weaknesses of SS7 Roaming Networks have been replicated in the next-gen telco protocol, Diameter.
Diameter will be used for roaming connections of LTE/LTE-A mobile networks. The protocol is designed for trusted environments – roaming interconnection interfaces between providers – but the "walled garden" assumptions of telco operators do not hold, so attacks including spoofing and more are possible, according to researchers from German security consultancy ERNW.
Diameter-based networks, messages and functions can be abused. Typical attacks would result in information leaks about a targeted environment, but attacks against the authentication and encryption of customers are also possible. Intelligence gleaned might be used to intercept mobile data/calls, and it also opens up the possibility of running various types of fraud.
All around Diameter: ERNW spells it out at Black Hat
To demonstrate such attacks, researchers at ERNW developed a testing framework covering information gathering, mobile phone tracking, denial-of-service, pay fraud, and interception of data. The framework was released after a talk on the research at the Black Hat EU conference this week.
The tool is designed to enable providers and security companies to assess a telco's Diameter network configuration and demonstrate the scope of possible malfeasance.
ERNW researchers urged telcos to secure these interfaces and assess the infrastructure components and configurations.
Diameter is an authentication, authorisation, and accounting protocol which is in the process of replacing RADIUS.