Communications Litigation Today was a Warren News publication.

Wireless Industry Says Signaling Security Poses No Risks to Consumers

CTIA told the FCC that U.S. networks are secure in comments on a notice from the FCC Public Safety Bureau on providers’ implementation of security counter-measures to prevent the exploitation of vulnerabilities in the Signaling System 7 (SS7) and Diameter protocols to track the locations of consumers through their mobile devices. Comments were due Friday in docket 18-99. Major carriers emphasized that their systems were updated to address risks. That was also the industry message when the agency asked about Communications Security, Reliability and Interoperability Council recommendations on diameter protocol security four years ago (see 2003120030). “U.S. providers’ commitment to security has resulted in U.S. networks being relatively more secure from legacy SS7 and Diameter risks than networks in other regions,” CTIA said. CTIA explained that technology is evolving. Legacy SS7 signaling is used today only in legacy 2G and 3G networks and Diameter in 4G and non-stand-alone 5G networks and “was deployed to help reduce risks associated with SS7 and is less susceptible to attacks,” the group said. Stand-alone 5G networks use HTTP/2 for signaling. Verizon said it knows of no successful attempts to access network user location data on its network using weaknesses in the SS7 or Diameter protocols since CSRIC’s adoption of best practices in 2018. “As Verizon explained in response to previous public notices relating to SS7 and Diameter security, in interviews with Commission staff, and in its responses to the Letter of Inquiry received from the Bureau” in October 2022 “we have implemented the relevant recommendations issued by the CSRIC and GSMA on signaling security,” the carrier said. As noted in previous filings, “AT&T has employed an aggressive, multifaceted approach to SS7 and Diameter security” and “continues to take significant, aggressive steps to protect the SS7 and Diameter networks including implementation of CSRIC’s working group recommendation,” the carrier said.