Directives to Mobile Operators to Remove Signalling System 7 and Diameter Protocols to Resolve Network Vulnerabilities
Ministry of Digital Development and Information
Summary
This question concerns whether IMDA has directed mobile operators to remove Signalling System 7 (SS7) and Diameter protocols to resolve vulnerabilities related to location and monitoring exploits. Minister for Digital Development and Information Josephine Teo replied that these are standard protocols for 3G and 4G networks without more secure approved alternatives for those generations. She stated that operators must implement measures like specialized firewalls, system safeguards, and network encryption to detect and block unauthorized access. These measures align with international standards set by organizations like the GSMA to mitigate inherent security risks. Lastly, the Minister noted that 5G networks utilize newer protocols designed to overcome the vulnerabilities found in these older systems.
Transcript
36 Mr Gerald Giam Yean Song asked the Minister for Digital Development and Information whether IMDA has issued any directives to mobile operators to (i) remove the Signalling System 7 (SS7) and Diameter protocols from their networks to prevent cyber attackers from using SS7- and Diameter-based location and monitoring exploits and (ii) resolve vulnerabilities related to SS7- and Diameter-based location and monitoring exploits.
Mrs Josephine Teo: The Signalling System 7 (SS7) and Diameter protocols are standard international telecommunication network signalling protocols used in 3G and 4G mobile networks, respectively. They are used by mobile operators who connect to each other for functions, such as the setting up of calls and routing of SMSes. While there are known vulnerabilities with these protocols, there are no alternative protocols in 3G and 4G networks which are more secure and approved by international standard bodies, such as 3rd Generation Partnership Project (3GPP) and European Telecommunications Standards Institute (ETSI).
Mobile operators are required to put in place measures to secure their networks, including against vulnerabilities inherent in the SS7 and Diameter protocols. To address the vulnerabilities of these older protocols, mobile operators have implemented measures, such as specialised firewalls and system safeguards, to ensure early detection of suspicious network activities and blocking any unauthorised access detected. They have also implemented further control measures to secure their connections with other mobile networks, such as through the use of network encryption. These measures are aligned with international standards development organisations, such as Global System for Mobile Communications Association (GSMA).
These older protocols are no longer adopted in 5G mobile networks, where more secure protocols have been implemented, which overcome the inherent vulnerabilities of older protocols by design.