In a digital age that sees technology permeating every aspect of our lives, the phrase ‘Locate. Track. Manipulate’ is not merely a trope from a spy thriller. It is the stark reality for anyone with a mobile phone. As long as your phone is on, you are trackable, and the privacy of your personal life hinges on the trustworthiness of your mobile operator and service provider.
At Deutsche Telekom Global Carrier, we are in a unique position as one of the largest telecoms groups, encompassing both mobile operators and an IPX provider. This gives us the dual perspective of having a comprehensive view of both market trends and the inner workings of mobile operators, allowing us to address the real needs of operators from the inside out.
Evolving security landscape
Modern telecoms security is a complex challenge. Gone are the days when security concerns were limited to traditional voice, data and messaging: today, security is a global issue interconnected with many more types of communications, such as IoT, M2M and 5G services, and involving advanced social engineering.
Fraudsters are becoming increasingly professional and creative in finding new ways to avoid detection, pushing all stakeholders to constantly learn and adapt. Security professionals must proactively identify and neutralise new threats, staying one step ahead in this relentless race by being faster and better than fraudsters.
Our approach to fraud covers two critical strategies – extensive learning and knowledge-sharing – with awareness, collaboration and advanced detection being some of the most powerful weapons against fraudsters.
Here, we outline some of the latest threats and fraud cases we’ve observed and prepared for in 2024. These include our fight against entire cross-border fraud rings involving complex schemes across multiple operators and jurisdictions, and comprising the likes of international-revenue-share fraud, SIM-box fraud, ‘wangiri’ fraud and grey routing.
Data fraud
GTPDOOR and GRX-level threats: one of the most-discussed malware threats of 2024 opens the list. GTPDOOR vulnerabilities in the GPRS tunnelling protocol (GTP) are often exploited at the GPRS-roaming-exchange (GRX) level to penetrate mobile networks, intercept data or launch attacks. As data use compared with voice use increases, so does the impact of such attacks. Protecting subscribers requires comprehensive security measures, including firewalls, penetration testing and continuous monitoring.
Voice-over-LTE (VoLTE) and voice-over-WiFi (VoWiFi) fraud: the growth of VoLTE and VoWiFi has attracted fraudsters, who exploit vulnerabilities in signalling protocols to intercept calls, conduct toll fraud or perform unauthorised call forwarding. Strengthening signalling security, enhancing authentication mechanisms and continuous security monitoring are essential steps that MNOs can take to mitigate these risks and ensure secure, reliable services for customers.
IoT and M2M fraud: the IoT and M2M landscape presents diverse fraud challenges. These include GT-leasing abuse, which exploits the significant portions of M2M traffic that come largely from MVNOs using leased global titles, and 2G vulnerabilities from the many M2M devices that still require SS7 signalling, which is not always properly filtered. There are also DDoS attacks, which disrupt network nodes such as HLRs, MSCs and SMSCs, causing widespread service disruption, and signalling storms, which overwhelm network infrastructure and potentially that of roaming partners, leading to outages. These can infect not only home networks, but also visited ones.
LTE vulnerabilities: several factors are impacting the safety of messages exchanged via 4G or 5G non-standalone (NSA). The vulnerability of the protocol is causing a high ratio of fraud, reducing levels of trust between roaming partners and increasing the variety of roaming scenarios. There is also a limited number of security options that can be applied to legacy network elements, such as STPs. All messages sent using the diameter protocol are, meanwhile, open to man-in-the-middle attacks, as they are seen and answered by several systems numerous times, with the return answer always taking the same IP path back to the sender of a request. This increases the number of chances for messages to be intercepted and firewalls therefore won’t provide 100% protection.
Old fraud, new techniques
SMS fraud: messaging remains one of the oldest sources of malicious behaviour, yet is still persistent. Between 2023 and 2024, the proportion of intercepted SMS traffic has increased dramatically. This traffic is sold in real time via APIs to fraudsters, who then impersonate the SMS sender, deceiving victims into divulging sensitive information or transferring funds. Better authentication, integrity and detection are key elements to protect the network against such fraud.
SIM swap 2.0: the evolution of SIM-swap fraud, known as SIM swap 2.0, involves more sophisticated social engineering and technical expertise, allowing malicious actors to take control of a victim’s phone number by tricking mobile operators. The implications can be devastating, leading to unauthorised access to personal accounts and sensitive information. Protecting against this type of fraud involves using machine-learning algorithms to detect anomalies, in combination with techniques like multifactor authentication and advanced verification methods.
Thwarting threats
In response to these scenarios, we launched the Magenta Security Roaming concept in April. This comprehensive offering aims to safeguard mobile networks from the myriad of cyberattacks that jeopardise the reliability of telecoms services.
Our initiative comprises services for all technologies from 2G to 5G, starting with the restriction of SS7 and diameter signalling networks to mobile operators only to reduce the risk of unauthorised access and potential security breaches.
Exceptions are made for full MVNOs that terminate IoT and M2M traffic, ensuring that essential services continue to operate smoothly while maintaining robust security standards.
To mitigate risks associated with M2M traffic, we implement a screening process whereby each case is carefully evaluated, requiring MVNOs to comply with the GSMA GT Leasing code of conduct and obtain written consent from the terminating party. This approach ensures that only verified and compliant traffic is allowed, significantly reducing fraudulent activities and enhancing overall network security.
Recognising vulnerabilities of 4G and 5G NSA networks, we also offer diameter end-to-end security solution (DESS) phase I delegated capabilities to Magenta Security Roaming customers. This is designed to protect against man-in-the-middle attacks, ensuring data integrity and confidentiality.
Meanwhile, our group-hosted SEPP (security edge protection proxy) for Family & Friends, another element of this Magenta offering, provides a comprehensive answer to evolving 5G security needs in our roaming industry. It offers a one-stop shop for 5G security, specifically designed for those operators that have already enabled 5G SA roaming.
Building a resilient future
The telecoms industry is at a critical juncture, whereby the sophistication of cyberthreats is only growing. To build a resilient future, we need a collaborative approach to security. Continuous learning, knowledge-sharing and leveraging advanced technologies are fundamental to staying ahead of fraudsters.
Deutsche Telekom Global Carrier is committed to fostering a culture of security awareness and innovation, with our most important mission being to continuously improve security services for our customers and their subscribers.
The battle against telecoms fraud is relentless, but with vigilance, collaboration and cutting-edge security measures, we can safeguard the integrity of our networks. The journey towards a secure telecoms environment is ongoing – yet together, we can make significant strides in protecting our subscribers.
