
Attacking the Organism: Telecom Service Providers

Securing the Massive Networks of Telecom Service Providers is a Major Challenge and Becoming More Complex

Service providers and telecom carriers form the backbone of communications and commerce in modern economies. Their networks and cell towers deliver the internet itself—and everything that depends on it—to homes, businesses and mobile devices all over the world. And the complexity involved in doing so creates enormous security challenges. 

Major telecom companies provide the back-end datacenters, backhaul networks and cell towers to deliver connectivity all the way to your individual device and the array of applications on it. They also offer many of the storefronts that put manufacturers’ devices into your hands in the first place.  

Much has been said of the explosion of applications now driving everything from power grids to Pokemon, but it’s this pervasive global industry that provides the connective tissue for all those billions of end points. An average smartphone may have several dozen applications on it. The potential for backdoors in applications and devices can create even more challenges.

Service providers also deploy a multitude of applications themselves—to support not just phone, internet and account services but also a host of other customer-facing features and functions. There may be hundreds of applications on the back end that support delivery of all those services. 

Every one of these components is a potential insertion point for an attacker. Since this industry touches nearly every person and organization, motivations for those attacks—the CHEW involved—can arise from anywhere. Service disruption may be the goal for some attackers, but more often they seek to infiltrate administrative accounts as a means to gain deeper access into the networks of their ultimate marks: end customers, whether they be individuals or large enterprise companies.

Recently, researchers in Germany discovered a vulnerability in modern LTE/4G devices that can allow attackers to impersonate a device’s owner, access accounts and download any unencrypted information. Since the hack requires attackers to be in close proximity to the target, most people are unlikely to be affected. 

But high-value individuals with access to sensitive information could be targeted for purposes of espionage, cyberwarfare or financial gain. Attackers may try to use compromised devices as another avenue for entry into a larger network with high-value information. 


Gaining entry through a mobile device may be on the rise, but it’s still less common than other types of attacks. Data from F5 Labs shows that over the past few years DDoS and brute force attacks have been the most common vectors for the service provider industry, both when the customer was the ultimate target and when the service provider was. Denial-of-service (DoS) attacks against service providers generally focus on services and apps or the IT infrastructure itself, attempting to saturate the bandwidth and take down the network, or to reach more customers through it. 

Access and authentication hacks are also a common scheme for using service providers to attack customers further downstream. Brute force attacks are among the most frequently used to either breach a customer or attempt to obtain administrative credentials. This can involve credential stuffing with stolen combinations, trying classic weak passwords like “password” or simply guessing at a massive scale in an automated fashion.  

In each of these cases, it can be difficult for the service provider to discover the attack until a service has gone down or calls start coming in, especially in cases of account takeovers. 

So how does the industry defend this colossal expanded organism? Since many of these attacks are masked as a spike in traffic or a general outage, service providers must be equipped to analyze unusual traffic against expected conditions, and then identify all the junk queries in their network service logs. 

The ability to detect spikes in log-in attempts or bad queries to the network or other suspicious traffic is the best way to mitigate an attack before it goes too far—or before an attacker has slipped undetected into a higher-value network.
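The detection the two paragraphs above describe, as an added example that is not part of the SecurityWeek column: a small log analyzer that parses constructed authentication-log lines, keeps a sliding window of failed logins per source address and per target account, flags a single source spraying many accounts (credential stuffing) and a single account hit from many sources (distributed brute force), compares the aggregate failure rate against an expected baseline, and counts the "junk" lines that do not fit the expected format. The log format, field names, thresholds and sample lines are all assumptions made for this illustration.

```python
"""Added example, not the article's code: spike detection over auth-log lines.

Assumed (constructed) log format, one event per line:
    <ISO timestamp> auth <success|failure> user=<name> src=<ip>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>success|failure) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: 198.51.100.7 sprays six accounts, five addresses hammer
# "admin", one malformed line is mixed in, and normal logins surround it all.
SAMPLE_LOG = """\
2023-03-01T10:00:00 auth success user=alice src=203.0.113.5
2023-03-01T10:00:01 auth failure user=alice src=198.51.100.7
2023-03-01T10:00:02 auth failure user=bob src=198.51.100.7
2023-03-01T10:00:03 auth failure user=carol src=198.51.100.7
2023-03-01T10:00:04 auth failure user=dave src=198.51.100.7
2023-03-01T10:00:05 auth failure user=erin src=198.51.100.7
2023-03-01T10:00:06 auth failure user=frank src=198.51.100.7
this line is not a valid auth event
2023-03-01T10:00:10 auth failure user=admin src=192.0.2.10
2023-03-01T10:00:11 auth failure user=admin src=192.0.2.11
2023-03-01T10:00:12 auth failure user=admin src=192.0.2.12
2023-03-01T10:00:13 auth failure user=admin src=192.0.2.13
2023-03-01T10:00:14 auth failure user=admin src=192.0.2.14
2023-03-01T10:00:20 auth success user=bob src=203.0.113.9
2023-03-01T10:05:00 auth failure user=alice src=203.0.113.5
"""


def parse_line(line):
    """Return an event dict, or None for a line that does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}


def detect_login_spikes(lines, window=timedelta(seconds=60),
                        per_src_threshold=5, per_user_threshold=5,
                        baseline_failures_per_window=2, spike_factor=3):
    """Scan log lines in order and return alerts.

    spraying_src:  src -> number of distinct accounts it failed against
                   once it reached per_src_threshold failures in the window
    targeted_user: user -> number of distinct sources that failed against it
                   once it reached per_user_threshold failures in the window
    rate_spike:    True if total failures in any window exceeded
                   baseline * spike_factor ("unusual traffic vs. expected")
    junk_lines:    lines that did not parse at all
    """
    by_src = defaultdict(deque)    # src  -> deque of (ts, user)
    by_user = defaultdict(deque)   # user -> deque of (ts, src)
    all_fail = deque()             # deque of (ts,)
    alerts = {"spraying_src": {}, "targeted_user": {},
              "rate_spike": False, "junk_lines": 0}

    def evict(dq, now):
        # Drop entries that have aged out of the sliding window.
        while dq and now - dq[0][0] > window:
            dq.popleft()

    for raw in lines:
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev is None:
            alerts["junk_lines"] += 1
            continue
        if ev["result"] != "failure":
            continue
        now = ev["ts"]
        src_q, user_q = by_src[ev["src"]], by_user[ev["user"]]
        src_q.append((now, ev["user"]))
        user_q.append((now, ev["src"]))
        all_fail.append((now,))
        for q in (src_q, user_q, all_fail):
            evict(q, now)
        if len(src_q) >= per_src_threshold:
            alerts["spraying_src"][ev["src"]] = len({u for _, u in src_q})
        if len(user_q) >= per_user_threshold:
            alerts["targeted_user"][ev["user"]] = len({s for _, s in user_q})
        if len(all_fail) > baseline_failures_per_window * spike_factor:
            alerts["rate_spike"] = True
    return alerts


if __name__ == "__main__":
    print(detect_login_spikes(SAMPLE_LOG.splitlines()))
```

The per-source and per-account windows catch the two brute-force shapes separately: a stolen-combination list replayed from one address shows up as one source with many distinct accounts, while a spray against an administrative account from a botnet shows up as one account with many distinct sources. The aggregate counter is the coarse "spike against expected conditions" check; in production the baseline would come from historical traffic rather than a constant, and the thresholds would be tuned per service.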

To protect their traffic as it flows from the back end to towers all over the world to devices in users’ hands and back again, service providers also need advanced firewall protections that essentially “understand” more of the LTE network and the protocols within that infrastructure, including signaling protocols like Diameter and SIP. Protecting the applications traversing that network path is also critical, requiring solutions for application health monitoring, a robust WAF, web access controls and TCP optimization.

As expansive and important as this industry already is, the risks for carriers are only becoming more intense as today’s LTE and upcoming 5G networks move more applications, data and intelligence closer to the network edge where users interact with it. The network is becoming software in itself, and all those applications need service providers to function. 

As service providers’ networks continue to become more pervasive, more critical as infrastructure and more valuable, there will also be more room for errors to be exploited. Fortunately, targeted defenses are growing in sophistication as well, helping support this critical industry as it tries to keep pace with today’s malicious actors.

Related: ZenKey – How Major Mobile Carriers Are Teaming Up to Eliminate Passwords
