Telecommunications Security Glossary

Legacy signaling protocol used in 2G/3G networks for call setup, SMS delivery, and mobility management. Despite its age, SS7 remains widely deployed and is known for significant security vulnerabilities.

Unique identifier stored on a SIM card that identifies a subscriber in mobile networks. Consists of MCC (Mobile Country Code), MNC (Mobile Network Code), and MSIN (Mobile Subscriber Identification Number).

The telephone number associated with a mobile subscription. Unlike IMSI, MSISDN is the number users dial to reach a subscriber.

Social engineering attack where an attacker convinces a mobile carrier to transfer a victim's phone number to a SIM card controlled by the attacker, enabling account takeover and 2FA bypass.

SS7 protocol layer that provides application-level services for mobile networks, including location updates, SMS delivery, and authentication. Common target for SS7 attacks.

Central database containing subscriber information and service profiles. Stores authentication keys, current location, and service subscriptions.

Temporary database that stores information about subscribers currently roaming in its area. Works in conjunction with HLR for mobility management.

Surveillance device that impersonates a legitimate cell tower to force mobile devices to connect, allowing interception of communications and identification of subscribers.

Authentication, authorization, and accounting protocol used in 4G/5G networks. Successor to RADIUS with enhanced security features, though still vulnerable to various attacks.

Protocol used to carry user data and signaling between network nodes in mobile packet networks. Exists in control plane (GTP-C) and user plane (GTP-U) variants.

Technology for delivering voice calls over 4G LTE networks using IP-based protocols. Offers improved call quality but introduces new security challenges.

Sophisticated attack exploiting S@T Browser application on SIM cards via binary SMS to track location, intercept communications, and perform unauthorized operations.

Protocol suite for transporting SS7 signaling over IP networks, bridging legacy SS7 and modern IP-based infrastructure.

Signaling protocol for initiating, maintaining, and terminating real-time sessions including VoIP calls and multimedia communications.

Authentication algorithm used in GSM SIM cards. COMP128v1 has known vulnerabilities allowing Ki key extraction, while v2 and v3 offer improved security.

128-bit secret key stored on SIM card and in network authentication center. Used for subscriber authentication and encryption key generation.

Technology for remotely managing and updating SIM cards via SMS or other wireless channels. Can be exploited if not properly secured.

SS7 protocol layer providing connectionless and connection-oriented network services. Used for routing messages based on Global Titles.

Address format used in SS7 networks for routing messages. Can be phone numbers, IMSI, or other identifiers translated to destination point codes.

Central database in 4G/5G networks that stores subscriber profiles and authentication information. Evolution of HLR for LTE/5G networks.