SMS and one-time-password interception in LTE networks

The Interconnection network connects the communication networks themselves to each other enabling features such as roaming and data services between those said networks. It has been known since 2014 that using the legacy SS7 (Signaling System No. 7) protocol SMS based traffic can be intercepted. Network providers are now moving towards diameter based LTE networks with the hope that the additional security provided in that protocol also improves overall interconnection security. In this article we will show how SMS can be intercepted using diameter based networks independently of device or OS type. We will show the practical impact upon services such as those provided by Google, Microsoft, Twitter, etc. We will summarize the reaction of twitter to the responsible disclosure, potential countermeasures and future research outlook.