Since long time ago, hackers were already playing around systems connected to IP network. Very few of them able to touch system which is not directly connected to IP network (such as satellite). Reason was obvious, they don’t have access to such system. But any other system such as e-commerce, operating systems (linux or windows), the hackers could get access to them. They can install microsoft windows at home, setup a fuzzer (my apology, it is in Indonesian language, but google is there to translate 😉 ), try to find vulnerabilities on any application inside windows or even the OS itself, once found, they will develop the exploit.
The exploit later can be used to gain access to other system connected to IP network like internet, some of them can be a webserver, ftp server, mail server, etc. Once the vulnerability found and circulated over closed or open community, other hackers can create evil application such as trojan, virus, using the same vulnerabilities. And then people will see some company become a victim of hacking activity, their valuable data stolen, their secret technology transferred or sold to comptitor, etc. All was started by some people doing their own ‘research’ using system which is accessible to their hand, they had time, they had resources, they had knowledge to do so.
One of my senior told me few years ago that telecommunication industry is exclusive, you can learn the concept at school (although I didn’t, as I took Information Technology at school), but that won’t make you a good engineer. You will have to learn the system again and again once you enter the industry. Those system are vendor specific. You couldn’t access telecommunication technology or simulate them from your own room / basement. Unless, of course, you hack some entry point and then gaining access to one of telecom industry internal network. However, eventhough you can access internal network, you will have to gain lot of knowledge of particular technology which is not freely available. Imagine SS7, or any other interface in telecom. Even though you understand the concept, you can’t just launch your fuzzer and analyze using debugger in order to find vulnerability. You have to setup your own lab to do so. That’s why it is difficult for most of hackers.
Trend changed now. Telecom industry is getting closer to IT technology. All are IP. This kind of news can confirm how telecom industry would be in very near future. I am glad to see the plan to acquire security company will be taken by telecommunication vendor. It is a bold and sophisticated move. Now we will see the portfolio of product released in future will be fully equipped with security on mind. I don’t say current portfolio released without proper security – the product for sure audited properly by security people and coordinated the result with its developers – but future technology would need more and more strenghtened security portfolio because people around the world will have access easily to various telecom platform.
Common hackers would deal with a lot of difficulties as of now whenever they want to take down or exploit RAN system. Not even ability to gain access, there have been no easy transport technology available for them to interact with RAN system. But future technology is different, that’s why it need to be equipped with strong security stuff in order to guide or defend these systems from hacker’s hand.
DISCLAIMER: Opinions expressed are solely my own and do not express the views or opinions of my employer.