We are living in a more and more connected world and for the sake of speed and simplicity our actions are increasingly relying on mobile telecommunication networks. Facing this fast evolution of mainly the last decade, the mobile telecommunication networks are nonetheless based on the old SS7 standard (Signalling System #7) developed in the seventies for operators which trusted each other as they could control access to their proprietary hardware. With the opening of telecommunications to the internet, security has been more difficult to guarantee as testified by known security flaws reported by the security industry [PT18] or major incidents reported in the press [Tan17, Khan17].
This study proposes to analyse the SS7 traffic flow of 3 Belgian Mobile Network Operators (MNO) in order to help the intelligence services (VSSE and ADIV), the Belgian telecom regulator (BIPT) and the MNOs themselves to identify and/or exploit threats. The experience gathered by companies conducting security audits for MNOs in the last years show how relatively easy it is for attackers to use security flaws of SS7 [Puz17] or Diameter [Mash2017] to gather information about subscribers, locate or track them, intercept SMS or calls or perform a denial of service. Some of the conclusions of these audits is that MNOs often lack the knowledge about vulnerabilities and their consequences [Mash17], or should employ additional security measures [Puz17].