Wireless Industry Says Signaling Security Poses No Risks to Consumers

protocols to track the locations of consumers through their mobile devices. Comments were due Friday in docket 18-99. Major carriers emphasized that their systems were updated to address risks. That was also the industry message when the agency asked about Communications Security, Reliability and Interoperability Council recommendations on diameter protocol security four years ago (see 2003120030). “U.S. providers’ commitment to security has resulted in U.S. networks being relatively more secure from legacy SS7 and Diameter risks than networks in other regions,” CTIA said. CTIA explained that technology is evolving. Legacy SS7 signaling is used today only in legacy 2G and 3G networks and Diameter in 4G and non-stand-alone 5G networks and “was deployed to help reduce risks associated with SS7 and is less susceptible to attacks,” the group said. Stand-alone 5G networks use HTTP/2 for signaling. Verizon said it knows of no successful attempts to access network user location data on its network using weaknesses in the SS7 or Diameter protocols since CSRIC’s adoption of best practices in 2018. “As Verizon explained in response to previous public notices relating to SS7 and Diameter security, in interviews with Commission staff, and in its responses to the Letter of Inquiry received from the Bureau” in October 2022 “we have implemented the relevant recommendations issued by the CSRIC and GSMA on signaling security,” the carrier said. As noted in previous filings, “AT&T has employed an aggressive, multifaceted approach to SS7 and Diameter security” and “continues to take significant, aggressive steps to protect the SS7 and Diameter networks including implementation of CSRIC’s working group recommendation,” the carrier said.