Nearly a third never check their bill to verify correct charges and detect suspicious activity
WAKEFIELD, Mass. Research commissioned by Xura, Inc., a leading provider of secure, digital communications services, has revealed the extent to which mobile subscribers are unaware of vulnerabilities in their mobile operator’s network that could lead to their calls or texts being intercepted, so becoming victims of fraud or unauthorised location tracking. Only 30 percent of respondents to the survey – conducted with consumers in the US, UK and Australia – claimed awareness of any security weakness in mobile phone networks.
Respondents provided a list of reasons for their security concerns including vulnerabilities in operating systems (nine percent), apps (six percent) operator data leaks (three percent) and vulnerabilities in Bluetooth, WiFi, and voicemail hacking. However, only six percent indicated specific awareness of vulnerabilities in the technology of the telecoms network itself.
Mark Windle, Strategy and Marketing Director, Xura Security, said: “SS7 [Signalling System 7] is a core technology used by telecoms networks globally. SS7, however, contains vulnerabilities that can be exploited to carry out a whole host of malicious activities; from triggering fraudulent calls or texts to be sent to premium rate services at the subscriber’s expense, to location tracking and call/SMS interception. The threat is very real but thankfully so too is the solution. Xura is actively helping operators around the world to secure their networks and protect their customers. Naturally some operators move faster than others and those that are yet to act will know the consequences of not protecting themselves and their subscribers against potential attacks. Securing their networks should be the highest priority.”
Shockingly, almost a third (32 percent) of mobile subscribers never check their balance or bill to verify that they have been correctly charged or to detect possible suspicious activity on their account, with those aged between 31 and 50 least likely to check their monthly bills.
“Often these attacks can happen without the mobile user’s knowledge. With fraud, the only indicator may be on the subscriber’s bill. However, we appear to have considerable faith in mobile operators, hence why many of us may not think to suspect any inaccuracies in bills: according to the research over two thirds (69 percent) of subscribers questioned feel they are moderately well protected by their service provider from fraudsters and hackers. Until the network is properly secured, the operator is putting this significant amount of customer loyalty at risk,” continued Windle.
In terms of which hacks would affect subscribers the most, over half of subscribers felt like they would be severely or badly affected by a denial of service attack (58 percent), fraudulent calls and SMS subscriptions respectively (52 percent). Fraud is also the type of hack that subscribers feel is most likely to happen to them, with 45 percent anticipating becoming a victim of fraudulent calls made at their expense, and fraudulent registration for premium SMS services (38 percent).
Subscribers also indicated that if they became a victim of mobile cybercrime, nearly half (49 percent) would seek compensation from their mobile network operator and a third (33 percent) would inform the telecom regulator. Worse still, 29 percent would change their network provider either immediately (22 percent) or at the next renewal date (seven percent).
Windle added: “SS7 attacks leading to fraud are likely to impact subscribers the most, and with consequential impact for the network operators in the form of compensation claims or the loss of angry subscribers to competitors. With security becoming a priority for consumers and enterprises alike, operators have an opportunity to become the trusted provider by moving quickly to combat potential exploitation. By implementing a comprehensive solution that is powerful enough to secure all points of attack, not only blocking suspicious activity but also using advanced analytics to help secure the network against future attacks, the operator can detect, protect and secure their network assets, data and ultimately their subscribers.”
Other key findings:
- 22 percent of subscribers don’t implement any rules when they decide to grant apps permission to access other features or data on their phone
- Only eight percent would switch to apps to make calls and send messages more securely than through traditional voice calls and SMS messages
- 24 percent would change their number if attacked
- 14 percent would report the hack on their social networks
“Despite a reasonable degree of awareness to potential threats, many subscribers (42 percent) increase their exposure to risk by not checking bills or not paying attention to app permissions. As subscribers, we need to take more care and be more vigilant. However, cybercrime conducted through SS7 vulnerabilities in the network may be completely invisible to consumers. The right place to tackle these threats is in the network, but right now many networks are not adequately protected from potential signalling attacks. Now is the time for the operators to join the fight against cybercrime,” concluded Windle.