# MNO controls to address DFS vulnerabilities due to SS7

1. **Secure GSM ciphers for radio network traffic**: The mobile operator should ensure that secure radio encryption is used between users' devices and base stations.
2. **Session timeout**: Apply a session timeout to USSD and STK dialogues to reduce the window in which a man-in-the-middle attack can succeed.
3. **USSD PIN masking**: Deploy USSD PIN masking whenever possible.
4. **Secure and monitor core network traffic**: Use TLS v1.2 or higher to secure the connections between the SMSC gateway, the USSD gateway, and the DFS application server.
5. **Limit access to traces and logs**: Ensure there is an auditable process in place to review access to traces and logs on interfaces that use inherently insecure protocols. USSD PINs should never be written to event data records.
6. **SMS filtering**: Remote attackers rely on mobile networks to deliver binary SMS to and from victims' phones. Mobile operators should block the sending and receiving of binary messages such as OTA SMS; such messages should be accepted only from whitelisted sources.
7. **SMS home routing**: Bar all outgoing and incoming SMS except those routed through the home network hosts. OTA messages with STK coding from home subscribers should be restricted to exchanges with the MNO platform, never with other subscribers.
