Telcos in Africa riddled with security holes

Posted on November 2, 2012 11:57 pm

A recently concluded study on telecoms security in Africa has revealed how telecommunications equipment vendors are suppressing knowledge of vulnerabilities that have resulted in millions of dollars’ worth of network outages in most African countries. The study also shows how a malformed network packet disabled a couple of carriers’ GSM subscriber databases in countries such as South Africa, Rwanda, Ghana, Uganda, Zimbabwe, Tanzania and Kenya, among others. Experienced hackers are said to have colluded with rogue staff to send malformed packets from femtocells or networks to crash carriers’ home location register (HLR) server clusters, which store GSM subscriber details as part of the global Signaling System No. 7 (SS7). The study also shows that almost 93% of telco operators in Africa have no traffic filtering over the SS7 network. During their study, researchers were able to remotely crash HLR frontends for less than ten minutes each by sending one malformed packet. That means that with 6 packets a minute, one can crash the world’s HLR, leaving no communication possible for a continent of 1 billion people. Security flaws have persisted in Africa’s telecommunications infrastructure due to inaction by telco equipment manufacturers, the complexity of networks, and a lack of security oversight in the industry.

Telcos in Africa, like those on most other continents, are running networks where layers of legacy kit have created such high complexity that operators were unaware of glaring holes, which researchers revealed in penetration tests. One East Africa telco was recently accused of routing half its traffic through a rival’s network, forcing the company to fund a significant bandwidth burden, and up to now the two telcos have yet to settle the case amicably. It is very devastating for me to see very well educated and talented experts at telcos being shielded from the reality of their network by the vendor, who has no interest in educating them about telecom security and the exposure of their own networks, and no one seems to be bothered. As a penetration tester, one of the researchers said he often accessed a telco network using services that administrators were unaware were active, which is a matter of grave concern. Another researcher said, “I have accessed an operator’s systems through their X.25 network which they never knew was running because the network vendor never disclosed it and it was just underlying technology.”

“All of these change management, configuration management and monitoring systems are specific to one kind of equipment, and you need to access several of these to get a clear vision of what is on your systems.” In my opinion, this study shows how ignorant operators in Africa are when it comes to security.

Contador Harrison