The interconnection network (IPX) connects telecommunication networks with each other. The IPX network enables features like roaming and data access while traveling. Designed as a closed network, it is now opening up, and unauthorized entities misuse the IPX network for their own purposes. The majority of the IPX still runs the Signaling System No. 7 (SS7) protocol stack, while the more advanced operators are now turning towards Diameter-based LTE roaming. SS7 is known to suffer from many attacks. The first attacks for Diameter are known. In this article, we will show how an attacker can extract a subscriber profile from the Home Subscriber Service (HSS). The subscriber profile contains all key information related to the users’ subscription, e.g. location, billing information, etc. We will close with a recommendation on how to prevent such an attack.
Silke Holtmanns, Yoan Miche, Ian Oliver (Nokia Bell Labs): Subscriber Profile Extraction and Modification via Diameter Interconnection
Presented at NSS 2017, Helsinki. Lecture Notes in Computer Science