Global Mobile Roaming Hub Accessible From the Internet and Vulnerable, Researchers Find
The GPRS Roaming Exchange (GRX) network, which carries roaming traffic among hundreds of mobile operators worldwide, contains Internet-reachable hosts that run vulnerable and unnecessary services, recent security scans reveal.
The scans were performed over a period of several months by Stephen Kho and Rob Kuiters, a penetration tester and an incident response handler from KPN, the largest telecommunications provider in the Netherlands.
The two security experts were inspired to test how vulnerable the GRX network is, after news reports last year claimed that British intelligence agency GHCQ targeted network engineers from Belgacom, a large Belgian telecom provider, to access the company's GRX routers and intercept mobile roaming traffic. BICS, a subsidiary of Belgacom, is one of the approximately 25 GRX providers worldwide that act as hubs for connecting mobile operators to their roaming partners worldwide. The roaming traffic of mobile subscribers in different countries almost certainly passes through the GRX infrastructure of one of these providers.