On the security of VoIP mobile network operator and international carrier interconnects

Abstract: All Mobile Network Operators (MNOs) as well as international carriers are moving voice services from the legacy Public Switched Telephone Network (PSTN) to Voice over IP (VoIP). The benefit is that VoIP traffic can be easily rerouted at any moment, thus giving companies a variety of options as traffic can be rerouted to any carrier of choice leading to different Quality of Service (QoS) levels (and thus agreements) as well as different prices to choose from. With a fierce competition for the telecom companies involved in the voice traffic hubbing business, this new landscape offers not only opportunities but also opens the system to vulnerabilities. The stakes are actually quite high: If harm can be done to one of these international carriers, other companies will route away their traffic. The result will be significant financial damages for the company as well as a serious harm to its reputation. The aim of this paper is to raise awareness that internationalcarriers and in particular their VoIP traffic can be exposed to debilitating attacks to harm these systems that are critical for our everyday life. The experimentation in this project demonstrates with a hands-on example how a major carrier can be hacked and rendered useless. In particular, we craft a framework for testing the security of interconnects between MNOs and international carriers. The central point of the paper will be to demonstrate how easy it can be to attack major carriers in the market: using common open source tools without having any information in advance. Moreover, the goal is to understand how the market functions, how interconnects between companies are built, where the weaknesses are, and which solutions can thwart those threats and secure these systems.