The Migration to an All-IP Network

Last month the FCC recommended that carriers adopt a number of security measures to help block against hacking in the SS7 Signaling System 7). Anybody with telephone network experience is familiar with the SS7 network. It has provided a second communication path that has been used to improve call routing and to implement the various calling features such as caller ID.

Last year it became public that the SS7 network has some serious vulnerabilities. In Germany hackers were able to use the SS7 network to connect to and empty bank accounts. Those specific flaws have been addressed, but security experts look at the old technology and realize that it’s open to attack in numerous ways.

It’s interesting to see the FCC make this recommendation because there was a time when it looked like SS7 would be retired and replaced. I remember reading articles over a decade ago that forecast the pending end of SS7. At that time everybody thought that our legacy telephone network was going to be quickly migrated to all-IP network and that older technologies like SS7 and TDM would retired from the telecom network.

This big push to convert to an IP voice network was referred by the FCC as the IP transition. The original goal of the transition was to replace the nationwide networks that connect voice providers. This nationwide network is referred to as the interconnection network and every telco, CLEC and cable company that is in the voice business is connected to it.

But somewhere along the line AT&T and Verizon high-jacked the IP transition. All of a sudden the transition was talking about converting last-mile TDM networks to digital. Verizon and AT&T want to tear down rural copper and largely replace it with cellular. This was not the intention of the original FCC plans. The agency wanted to require an orderly transition of the interconnection network, not the last-mile customer network. The idea was to design a new network that would better support an all-digital world while also still connecting to older legacy copper networks until they die a natural economic life. As an interesting side note, the same FCC has poured billions into extending the life of copper networks through the CAF II program.

Discussions about upgrading connections between carriers to IP fizzled out. The original FCC vision was to take a few years to study the best path to an all-IP interconnection network and then require telcos to move from the old TDM networks.

I recently had a client who wanted to establish an IP connection with one of the big legacy telcos. I know of some places where this is being done. The telco told my client that they still require interface using TDM, something that surprised my client. This particular big telco was not yet ready to accept IP trunking connections.

I’ve also noticed that the costs for my clients to buy connections into the SS7 network have climbed over the past few years. That’s really odd when you consider that these are old networks and the core technology is decades old. These networks have been fully depreciated for many years and the idea that the cost to use SS7 is climbing is absurd. This harkens back to paying $700 per month for a T1, something that sadly still exists in a few markets.

When the FCC first mentioned the IP transition I would have fully expected that TDM between carriers would have been long gone by now. And with that would have gone SS7. SS7 will still be around in the last-mile network and at the enterprise level since it’s built into the features used by telcos and in the older telephone systems owned by many businesses. The expectation from those articles a decade ago was that SS7 and other TDM-based technologies would slowly fizzle as older products were removed from the market. An IP-based telecom network is far more efficient and cost effective and eventually all telecom will be IP-based.

So I am a bit puzzled about what happened to the IP transition. I’m sure it’s still being talked about by policy-makers at the FCC, but the topic has publicly disappeared. Is this ever going to happen or will the FCC be happy to let the current interconnection network limp along in an IP world?

Just When You Thought It Was Safe . . .

Yet one more of our older technologies is now a big target for hackers. Recently hackers have been able to use the SS7 (Signaling System 7) network to intercept text messages from banks using two-factor authentication and then cleaning out bank accounts.

This is not the first time that SS7 has been used for nefarious purposes. Industry experts started to warn about the dangers of SS7 back in 2008. In more recent years there have been numerous reports that the SS7 network has been used by governments and others to keep tabs on the locations of some cellphones. But the use of the SS7 network to intercept text messages creates a big danger for anybody using online banking that requires text-massage authentication. Once a hacker intercepts a text verification code they can be inside your bank account.

Once a hacker is inside the SS7 network they can use the protocol to redirect traffic. This was recently demonstrated on 60 Minutes when German hackers intercepted phone calls made to congressman Ted Lieu, with his permission. SS7 can be used to direct, block or perform numerous functions on any telephone number, making it a great tool for spying.

Telephone techs are familiar with SS7 and it’s been with us since 1975. It was developed by Bell Labs and was the technology that allowed the creation of what we’ve come to call telephone features. SS7 technology allowed for the telephone system to snag pieces of called or calling numbers and other network information and led to the creation of such features as caller ID, call blocking, call forwarding and numerous other features.

In the telecom world SS7 is carried on a separate network from the paths used to route telephone calls. Every telephone carrier on the network has separate SS7 trunks that all connect regionally to SS7 hubs, known as STPs. It is the ubiquitous nature of SS7 that makes it vulnerable. There is an SS7 connection to every telephone switch, but also to private switches like PBXs. If the SS7 network was a private network that only connected telco central offices it would be relatively safe. But the proliferation of other SS7 nodes makes it relatively easy for a hacker to gain access to the SS7 network, or even to buy a connection into the SS7 network.

It has now become dangerous to use two-factor authentication for anything. While access to bank accounts is an obvious target, this kind of hacking could also gain access to social networks, entry into corporate WANs or any software platform using two-factor authentication. Some banks have already announced that they are going to abandon this kind of customer authentication, but many of the larger ones have yet to act. You have to think most of them are looking into alternatives, but it’s not particularly easy for a giant bank to change their customer interfaces.

There is a replacement for SS7 on the way. It’s an IP-based protocol called Diameter. This protocol can replace SS7 but also has a much wider goal of being the protocol to authenticate connections to the Internet of Things as well as VoIP communications from cell phones using WiFi.

Banks and others could change to the Diameter protocol and send encrypted authentication messages through email or a messaging system. But this would not be an easy change for the telephone industry to implement. The SS7 network is used today to support major switching functions like the routing of 800 calls and the many telephone features like caller ID. Changing the way those functions are done would be a major change for the industry. It’s one of the many items being looked at by the industry as part of the digital transition of the telephone network. But if it was decided tomorrow to start implementing this change it would require years to make sure that all existing switches keep working and that all of the SS7-enabled functions keep working as they should.

SS7 was implemented long before there was anything resembling a hacker. For the most part the SS7 network has been working quietly behind the scenes to do routing and other functions that have increased the efficiency of the telephone network. But like with most older electronic technologies the SS7 network has numerous flaws that can be exploited by malicious hacking. So it probably won’t be too many years until the SS7 networks are turned off.