Following an article in Süddeutsche Zeitung, a German daily newspaper, there have been media reports about a vulnerability in the SS7 signaling protocol. Hackers have allegedly exploited this vulnerability to manipulate online banking applications. Deutsche Telekom customers are not at threat. Regrettably, Süddeutsche Zeitung initially failed to publish this important fact in its article.
Even before the vulnerability became known, Deutsche Telekom had introduced what is known as home routing in order to prevent this and similar kinds of hacker attack, and had informed Süddeutsche Zeitung of this before publication of its article.
After becoming aware of the vulnerability in late 2014, Deutsche Telekom took additional measures to ward off potential attacks via the SS7 protocol. Most recently, in the first quarter of 2017, Deutsche Telekom became one of the first telecommunications providers worldwide to implement an SS7 firewall, which blocks commands emanating from the SS7 network that do not comply with proper use of the corresponding protocol and that could potentially constitute attacks by third parties.
However, the measures taken by individual network operators are just a temporary solution. Only the industry as a whole – and that includes network operators, manufacturers of network infrastructure and terminal equipment, and industry associations and standardization bodies such as ETSI and GSMA – has the means to find a permanent solution to this problem.
