from their network. The cellular networks in use today rely on signaling protocols that have been around for many years, such as SS7, GTP, SIP, and Diameter. The newer protocols were released to keep pace with advancements in cellular technology, but they’re all designed to be backward-compatible and communicate with each other. This means that some of the vulnerabilities present in SS7, the oldest protocol, remain present in newer ones like Diameter, or even 5G.

Signaling attacks that exploit vulnerabilities in SS7 and Diameter have been known for a long time, but the unique properties of IoT deployments make them especially vulnerable to these types of attacks. Take, for example, battery drain attacks. With this type of attack, the hackers send signaling messages to a networked device that causes it to perform a function that increases battery usage. By sending the same message repeatedly, the hacker can effectively perform a denial-of-service attack by rapidly causing the targeted device’s battery to drain completely.

A battery drain attack on a mobile network user’s smartphone is a nuisance. A battery drain attack on a remote IoT device that performs a critical function in a high-stakes industrial setting is a different matter entirely. Let’s return to the example of the IoT cannabis farm. If thieves wanted to sneak into the facility undetected, one way they could do it is by draining the batteries on the security cameras, which would allow them to gain physical access to valuable assets without leaving any digital evidence in the surveillance system. 

Unarmed mobile network operators

What are mobile network operators doing to protect themselves and their clients from potentially devastating signaling attacks carried out over cellular IoT networks? The answer, unfortunately, is not much.

According to one study, three-quarters of all mobile operators would be considered vulnerable, with insufficient defenses in place to deal with all of the potential attack vectors into cellular networks. And nearly four out of ten operators don’t know how often they’re being attacked or how much it might be costing their organization.

One problem common to many organizations is a lack of institutional knowledge around cellular networks and their security vulnerabilities. Over the past few decades, cybersecurity has focused primarily on accounts carried out over Internet protocols. Security experts may have gaps in their knowledge where cellular defenses are concerned, and the relative newness of narrow-band IoT and its applications means that both the methods of attack and the most effective ways to prevent them are evolving fields of study.

As attacks on IoT deployments continue to ramp up, the decision to put cellular security on the back burner in favor of defenses that are easier to explain and quantify may come back to haunt some network operators.

Equip before you ship

With cellular IoT networks having inherited so many vulnerabilities from legacy signaling protocols, leaving tremendous potential for harm and abuse, it is critical for mobile network operators or private network owners to bake cellular security into the design of their networks as early on as possible.