Mobile subscribers are blissfully unaware of vulnerabilities in their mobile operator’s network that could lead to their calls or texts being intercepted, becoming victims of fraud or unauthorized location tracking.
Research commissioned by Xura Inc. shows that only 30% of respondents to the survey—conducted with consumers in the US, UK and Australia—claimed awareness of any security weakness in mobile phone networks.
Respondents provided a list of reasons for their security concerns, including vulnerabilities in operating systems (9%), apps (6%), operator data leaks (3%) and vulnerabilities in Bluetooth, Wi-Fi, and voicemail hacking. However, only 6% indicated specific awareness of vulnerabilities in the technology of the telecoms network itself.
“SS7 (Signaling System 7) is a core technology used by telecoms networks globally,” explained Mark Windle, strategy and marketing director at Xura Security. “SS7, however, contains vulnerabilities that can be exploited to carry out a whole host of malicious activities; from triggering fraudulent calls or texts to be sent to premium rate services at the subscriber’s expense, to location tracking and call/SMS interception.”
The report also uncovered that a third (32%) of mobile subscribers never check their balance or bill to verify that they have been correctly charged or to detect possible suspicious activity on their account—with those aged between 31 and 50 least likely to check their monthly bills.
“Often these attacks can happen without the mobile user’s knowledge,” said Windle. “With fraud, the only indicator may be on the subscriber’s bill. However, we appear to have considerable faith in mobile operators, hence why many of us may not think to suspect any inaccuracies in bills.”
In fact, more than two thirds (69%) of subscribers questioned feel that they are moderately well protected by their service providers from fraudsters and hackers.
“Until the network is properly secured, the operator is putting this significant amount of customer loyalty at risk,” continued Windle.
In terms of which hacks would affect subscribers the most, over half of subscribers felt like they would be severely or badly affected by a denial of service attack (58%), fraudulent calls and SMS subscriptions respectively (52%). Fraud is also the type of hack that subscribers feel is most likely to happen to them, with 45% anticipating becoming a victim of fraudulent calls made at their expense, and fraudulent registration for premium SMS services (38%).
Subscribers also indicated that if they became a victim of mobile cybercrime, nearly half (49%) would seek compensation from their mobile network operator and a third (33%) would inform the telecom regulator. Worse still, 29% would change their network provider either immediately (22%) or at the next renewal date (seven%).
Windle added: “SS7 attacks leading to fraud are likely to impact subscribers the most, and with consequential impact for the network operators in the form of compensation claims or the loss of angry subscribers to competitors. With security becoming a priority for consumers and enterprises alike, operators have an opportunity to become the trusted provider by moving quickly to combat potential exploitation.”
Photo © pathdoc