
The code for the SigPloit framework has been published on GitHub. It was released publicly by information security researcher Loay Abdelrazek. Using SigPloit, you can test for vulnerabilities in telecommunications protocols. The emergence of the project could seriously change the state of information security at telecom operators.
How the system works
The description of the repository states that SigPloit is a framework for information security professionals in the field of telecommunications. With it, researchers can perform penetration tests and test known vulnerabilities of signaling protocols in the networks of telecom companies.
As stated by the creators, the purpose of the framework is to enable analysis of the security of all existing protocols used in the infrastructure of telecom operators, including SS7, GTP (3G), Diameter (4G) and even SIP for IMS and VoLTE, which is used at the access level and to encapsulate SS7 messages in SIP-T. The documentation states that during the testing process, the system will also issue recommendations for improving the security of a specific network.
What does this mean for telecom companies
The security of protocols used by telecommunication companies often rests on how specialized they are. In practice, this means that the level of security of the telecom infrastructure may be insufficient, but companies manage to avoid problems because few researchers understand the highly specialized protocols and the intricacies of the infrastructure. The SigPloit framework can easily be extended to the full range of attacks on SS7.
With the advent of public penetration testing tools, the barrier to entry into the telecom security sector is significantly lowered. Now attacks on operators' infrastructure can be carried out not only by experts with extensive experience in the industry, but even by novice researchers who know how to use Linux and work with GitHub.
The security of users of telecommunications services will decrease if operators do not pay more attention to ensuring it.
Positive Technologies experts have repeatedly raised the topic of insecurity of the SS7 signaling protocol (one, two, three). Recently, attacks on it have turned from theoretical to practical and affect a large number of users: there have been cases where SS7 vulnerabilities have allowed attackers to steal users' money or hack their Telegram accounts.