Sonar- Detecting SS7 Redirection Attacks With Audio-Based Distance Bounding

Explore a conference talk on detecting SS7 redirection attacks using audio-based distance bounding. Delve into the vulnerabilities of the global telephone network's Signaling System 7 (SS7) protocol and learn about Sonar, a system designed to identify call redirection attacks. Discover how Sonar measures call audio round-trip times to detect anomalies caused by redirected calls traveling longer physical distances. Examine the implementation of a secure distance bounding-inspired protocol and its effectiveness in characterizing round-trip times between call endpoints. Analyze the results of extensive testing across the United States, including real SS7 redirection attacks, demonstrating Sonar's ability to detect redirections with high accuracy and low false positive rates. Gain insights into the limitations of this approach and its potential impact on protecting the integrity of telephone calls worldwide.

Intro
Let's Intercept A Phone Call!
Signaling System No. 7 (SS7)
Wait, Why Does This Matter?
Let's Measure the Distance
Adversarial Model
Acoustic Distance Bounding Wendy on distance bounding
Differences From IP Networks
Hypothesis Testing
Large-Scale Testing
Results Consistency
The Real Deal
And The Winner Is...
Limitations
Conclusions
Questions