Security scans conducted over months have revealed that the GPRS Roaming Exchange (GRX) network is vulnerable to access by unscrupulous elements.
The GRX networks, which carry roaming traffic among mobile operators worldwide, are isolated and inaccessible from the Internet. There are only about 25 such networks in existence, which are supposed to be available to a select group of established telecommunication operators.
But security scans found that 5,500 of the 42,000 live GRX hosts are accessible from the Internet. In several cases they were found to be running outdated software with known critical remote code execution vulnerabilities, including old versions of BIND, Exim, Sendmail, OpenBSD ftpd, ProFTPD, VxWorks ftpd, Apache, Microsoft IIS, Oracle HTTP Server, Samba and others.
The scans on GRX were undertaken by Stephen Kho and Rob Kuiters, a penetration tester and an incident response handler working with Dutch telecom company KPN.
The duo made the revelations at the Hack in the Box (HITB) security conference in Amsterdam.
In a statement on the HITB website, Kho and Kuiters said that they were inspired to do the scans after Edward Snowden's revelations last year that the UK Government Communications Headquarters (GCHQ) hacked into the GRX network of Belgian telecom operator Belgacom International Carrier Services.
The GCHQ was alleged to have used the GRX routers to snoop on mobile users.
The scans show that services such as GTP (GPRS Tunneling Protocol), DNS (Domain Name System), SMTP (Simple Mail Transfer Protocol), FTP (File Transfer Protocol), HTTP (Hypertext Transfer Protocol), Telnet, SMB (Server Message Block) and SNMP (Simple Network Management Protocol) seem to have been exposed, PC World reported.
According to Kho and Kuiters, accessing the GRX networks was easy, as it could be done using readily available tools like Metasploit.