* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/)
* Silent No More: Mobile Ro...

# Silent No More: Mobile Roamers Spur a Security Evolution

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F11%2Fsp-silent-no-mobile-roamers-spur-security-evolution%2F)  
[](https://twitter.com/share?text=Silent+No+More%3A+Mobile+Roamers+Spur+a+Security+Evolution&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F11%2Fsp-silent-no-mobile-roamers-spur-security-evolution%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F11%2Fsp-silent-no-mobile-roamers-spur-security-evolution%2F&title=Silent+No+More%3A+Mobile+Roamers+Spur+a+Security+Evolution&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2018/11/sp-silent-no-mobile-roamers-spur-security-evolution/&ts=markdown)  
\[\](mailto:?subject=Silent No More: Mobile Roamers Spur a Security Evolution)  
Link copied  
By [Terry Young](https://www.paloaltonetworks.com/blog/author/terry-young/?ts=markdown "Posts by Terry Young")  
Nov 07, 2018  
5 minutes  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)  
[Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)  
[GPRS Tunneling Protocol](https://www.paloaltonetworks.com/blog/tag/gprs-tunneling-protocol/?ts=markdown)  
[GSMA](https://www.paloaltonetworks.com/blog/tag/gsma/?ts=markdown)  
[service provider](https://www.paloaltonetworks.com/blog/tag/service-provider/?ts=markdown)

Were you a "silent roamer"?

If you used to travel internationally, turned off your cellular radio while searching desperately for an internet available café with Wi-Fi or purchased an in-country SIM, then you were a "silent roamer." Today, with premium roaming charges significantly diminished by global mobile network operators, mobile subscribers don't have to fear "bill shock," change their usage patterns or avoid accessing their favorite services. International roaming has become part of the seamless mobile experience.

For mobile network operators, however, this step change in roaming has caused considerable change and exposed new vulnerabilities. Many network operators are still adjusting to the shift and are now re-examining security on the roaming network. Roaming traffic volumes, devices, and partners have all increased -- exposing a broader attack surface for malicious actors and increasing the likelihood of unintentional events impacting network availability.

The Rise in Roaming Traffic

As a result of the EU commission ruling on "Roam Like at Home" as well as other tariff changes, traffic volume has shot up and revenue declined. Roaming traffic has grown exponentially in the last year. No longer afraid of the cost, the so-called "silent roamers" are adopting the same usage patterns that they have when they are not roaming. Seamless, transparent mobile access was the object of the Roam Like at Home initiative. That also means roaming traffic and subscribers are vulnerable to the same malicious threats as elsewhere in the network.

At one time, mobile roaming was relatively simple. A typical operator had a few key roaming agreements, and the volume of (mostly voice) traffic was small due to the high price. Now, Tier 1 operators offer hundreds of destinations and can have up to 100 roaming agreements per country, per network technology, including voice, data, video and text/SMS. The types and volume of devices roaming are of the same composition as the rest of the network and now include numerous IoT devices.

More MVNO models are also emerging. Traditional mobile virtual network operators offer lower prices to consumers and businesses and often include cheap international roaming as part of that package. With IoT expanding, some MVNOs have specialized on the IoT market. With vLTE- or EPC-in-a-box, it is much less costly for IoT solution providers or large enterprises to provide more mobile core network elements themselves and control subscribers through their own network. Companies like Rakuten. an on-line market in Japan, can become MVNOs. Electric utilities with SIM-enabled smart meters can now become MVNOs and gain better control and security over their IoT devices.

The Impact on Operators

What this means for operators is that a once relatively easy-to-manage part of their network has suddenly become much more complex and difficult to secure. This increase in roaming traffic will change the threat landscape. Those who want to damage the reputation of the operator now have a new point of attack. Service disruption to the roaming network could now impact a lot more customers and have greater implications.

As a result, more operators are re-examining their security approach in roaming. In our discussions with operators and in the trials we have conducted, we have also found that the threats found on the SGi are also found on roaming. We have observed ransomware, such as Locky, and cryptocurrency mining, such as Coinhive and CoinMiner, both of which have severe impact on subscribers and have also been reported much in the news. In almost every single trial we have conducted, we have observed C2 traffic between devices and malicious sites known to be associated with botnet activity.

Roaming is also vulnerable to conditions and attacks that are unique to the GPRS Tunneling Protocols (GTP) used in roaming.

The mobile industry [GSM Association](https://www.gsma.com/) (GSMA) published roaming guidelines for operators. The documents identify vulnerabilities found in the GTP protocol, the protocol used for roaming, and describe how they can be manipulated for a malicious action or be the result of an unintentional event, such as network element malfunction, natural disaster, or network outage, all of which can cause message floods or network elements to malfunction or fail.

Many operators have not previously followed GSMA guidelines or updated their security infrastructure in this area of the network for years, if they have any at all. For the most part, operators are blind to what is now coming across their roaming interface. If you can't see the threats, you can't protect your network against them, and you also can't offer a security answer for your important customers or maintain that level of trust that has been so important to building your business.

The Palo Alto Networks Security Operating Platform provides consistent, application-layer visibility and enforcement for the roaming interface and across all other mobile network peering points. The platform also provides a set of mobile network infrastructure features that provide protection against a number of signaling vulnerabilities and allow operators to easily see who and what is impacting the network. With this strong visibility and mobile infrastructure functionality, mobile network operators can be assured that their network will be protected against any roaming-initiated threats.

*** ** * ** ***

## Related Blogs

### [5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### Establishing a New Approach for 5G Security](https://www.paloaltonetworks.com/blog/2018/11/sp-establishing-new-approach-5g-security/)

### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### Malicious Cryptocurrency Mining Digs Into Mobile](https://www.paloaltonetworks.com/blog/2018/09/sp-malicious-cryptocurrency-mining-digs-mobile/)

### [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Seamless Service Provider Network Attach with Prisma SASE](https://www.paloaltonetworks.com/blog/sase/seamless-service-provider-network-attach-with-prisma-sase/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Palo Alto Networks Empowers MSPs with Prisma SASE Enhancements](https://www.paloaltonetworks.com/blog/2023/08/msps-with-prisma-sase-enhancements/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Orange Cyberdefense and Palo Alto Networks Lead with Zero Trust](https://www.paloaltonetworks.com/blog/2022/10/orange-cyber-defense-with-zero-trust/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Palo Alto Networks Partners with BT to Offer Managed SASE](https://www.paloaltonetworks.com/blog/2022/05/partners-with-bt-offer-managed-sase/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language