SlideShare uma empresa Scribd logo

Crash course of Mobile (SS7) privacy and security

Arturo Filastò
Arturo Filastò

We will discuss the three main aspects related to mobile security: Interception, Geolocation, Denial of Service.

TecnologiaNegócios
1 de 28
Baixar para ler offline
COVER The Athens Affair How some extremely smart hackers pulled off the most audacious cell-network break-in ever By VASSILIS PREVELAKIS, DIOMIDIS SPINELLIS / JULY 2007 On 9 March 2005, a 38-year-old Greek electrical engineer named Costas Tsalikidis was found hanged in his Athens loft apartment, an apparent suicide. It would prove to be merely the first public news of a scandal that would roil Greece for months. The next day, the prime minister of Greece was told that his cellphone was being bugged, as were those of the mayor of Athens and at least 100 other high-ranking dignitaries, including an employee of the U.S. embassy [see sidebar "CEOs, MPs, & a PM."] The victims were customers of Athens-based Vodafone-Panafon, generally known as Vodafone Greece, the country's largest cellular service provider; Tsalikidis was in charge of network planning at the company. A connection seemed obvious. Given the list of people and their positions at the time of the tapping, we can only imagine the sensitive political and diplomatic discussions, high-stakes business deals, or even marital indiscretions that may have been routinely overheard and, quite possibly, recorded. Even before Tsalikidis's death, investigators had found rogue software Photo: Fotoagentur/Alamy installed on the Vodafone Greece phone network by parties unknown. Some extraordinarily knowledgeable people either penetrated the network from outside or subverted it from within, aided by an agent or mole. In either case, the software at the heart of the phone system, investigators later discovered, was reprogrammed with a finesse and sophistication rarely seen before Crash course of Mobile (SS7) or since. A study of the Athens affair, surely the most bizarre and embarrassing scandal ever to engulf a major cellphone service provider, sheds considerable light on the measures networks can and should take to reduce their vulnerability privacy and security to hackers and moles. It's also a rare opportunity to get a glimpse of one of the most elusive of cybercrimes. Major network penetrations of any kind are exceedingly uncommon. They are hard to pull off, and equally hard to investigate. Even among major criminal infiltrations, the Athens affair stands out because it may have involved state secrets, and it Monday, October 3, 2011 targeted individuals—a combination that, if it had ever occurred before, was not disclosed publicly. The most notorious
$ whoarewe • Arturo Filastò • Jacob Appelbaum • The Tor Project • The Tor Project • A Random • I break bad software GlobaLeaks and build better Developer alternatives • I hack on stuff for • Understanding censorship fun and profit! @hellais @ioerror Monday, October 3, 2011
Once upon a time... Monday, October 3, 2011
The 3 issues • Interception • Geolocation • Denial of Service Monday, October 3, 2011
Interception • Can be lawful or unlawful • Tactical vs Non-Tactical Monday, October 3, 2011
“Lawful Intercept” Monday, October 3, 2011
What technologies can be intercepted? • GSM • CDMA • iDEN • Thuraya • BGAN/Inmarsat • VSAT Monday, October 3, 2011
Who? • Law enforcement • National Secret Service • Foreign Secret Service • Large corporations • Outsourced intelligence service providers • Organized crime • Military organizations Monday, October 3, 2011
Targets of Interception • A person • A medium (think wire tap) • A device (think rootkit) • Parametric • Keywords (sniffing for triggers) • Perimeter (area sniffing) Monday, October 3, 2011
Why? • The architecture is designed for it • To suppress uprisings • To collect intelligence • Monitor behavior Monday, October 3, 2011
How is this possible? • The security is outdated; take GSM... • No effort has been made to fix it • A5/1 is broken • A5/2 is purposefully broken • A5/3 is a bit better but not implemented (http://security.osmocom.org/trac/ticket/ 4) Monday, October 3, 2011
IMSI catchers Monday, October 3, 2011
Active IMSI catchers Monday, October 3, 2011
More accessible • This equipment used to be very expensive • But with projects such as USRP and OsmocomBB this is no longer true Monday, October 3, 2011
Passive GSM sniffers + = Monday, October 3, 2011
Passive GSM sniffers + = Interception for 50$ Monday, October 3, 2011
Geolocation • Where are you? • Various technologies give various levels of accuracy • SS7 (HLR, ATI) • Stingray and AmberJack Monday, October 3, 2011
Location Tracking Monday, October 3, 2011
Walled Garden • For accessing SS7 there used to be: • High costs • Strict peering agreements • Not designed with security in mind Monday, October 3, 2011
The GSM network OsmocommBB OpenBTS BSC APIs to HLR subscriber BTS BSC MSC VLR HLR SMSC OpenBSC VLR MSC SMS Injection Monday, October 3, 2011
Macro Area Geolocation • With network interrogations • A feature to SMS sending • The level of detail goes from 1km in cities to 200km in rural areas Monday, October 3, 2011
More detail is possible • Other privacy invading queries exists • PSI, ATI • Reach a level of detail of ~100m • Require, more strict agreements with telcos • If you know where to ask... • ... you will get them • (that means if you have the $$$) Monday, October 3, 2011
Denial of Service • You just want to stop that or those people communicating. Monday, October 3, 2011
Monday, October 3, 2011
Jammers Monday, October 3, 2011
Jammers Monday, October 3, 2011
Help! • Ok, so you have scared me. Now what should I do? • be aware of patterns and realities • use software on top of what is available • Tor, RedPhone, TextSecure, PrivateGSM, etc • Avoid bad software - eg: UltraSurf, SMS • Resist giving your ID for a SIM card! • If you are really worried or privacy and security don’t use mobile phones. • Until we create a free telco, we’re doomed. Monday, October 3, 2011
Thanks for listening! Any questions? Monday, October 3, 2011

Recomendados

What we can learn from LulzSec
What we can learn from LulzSecWhat we can learn from LulzSec
What we can learn from LulzSecPositive Hack Days
 
John “captain crunch” draper. history of hacking
John “captain crunch” draper. history of hackingJohn “captain crunch” draper. history of hacking
John “captain crunch” draper. history of hackingYury Chemerkin
 
Hacking
HackingHacking
HackingKarañ Lavharé
 
Hackers
HackersHackers
HackersPRESENTATIONSFORESL
 
How private is your privacy?
How private is your privacy?How private is your privacy?
How private is your privacy?Jerric Lyns John
 
Famous hackers
Famous hackersFamous hackers
Famous hackersAshokkumar Gnanasekar
 
Hacking
HackingHacking
Hackingmubeenm50
 
Adonis castro seek r.p power point
Adonis castro seek r.p power pointAdonis castro seek r.p power point
Adonis castro seek r.p power pointAdonisCastro
 

Recomendados

What we can learn from LulzSec
What we can learn from LulzSecWhat we can learn from LulzSec
What we can learn from LulzSecPositive Hack Days
 
John “captain crunch” draper. history of hacking
John “captain crunch” draper. history of hackingJohn “captain crunch” draper. history of hacking
John “captain crunch” draper. history of hackingYury Chemerkin
 
Hacking
HackingHacking
HackingKarañ Lavharé
 
Hackers
HackersHackers
HackersPRESENTATIONSFORESL
 
How private is your privacy?
How private is your privacy?How private is your privacy?
How private is your privacy?Jerric Lyns John
 
Famous hackers
Famous hackersFamous hackers
Famous hackersAshokkumar Gnanasekar
 
Hacking
HackingHacking
Hackingmubeenm50
 
Adonis castro seek r.p power point
Adonis castro seek r.p power pointAdonis castro seek r.p power point
Adonis castro seek r.p power pointAdonisCastro
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingRohit Trimukhe
 
AusCERT - Mikko Hypponen
AusCERT - Mikko HypponenAusCERT - Mikko Hypponen
AusCERT - Mikko HypponenMikko Hypponen
 
Dark web
Dark webDark web
Dark webJoseGarcia1133
 
Voice security and privacy - Today’s solutions and technologies
Voice security and privacy - Today’s solutions and technologiesVoice security and privacy - Today’s solutions and technologies
Voice security and privacy - Today’s solutions and technologiesPrivateWave Italia SpA
 
All about Hacking
All about HackingAll about Hacking
All about HackingMadhusudhan G
 
Security in the world wide web
Security in the world wide webSecurity in the world wide web
Security in the world wide webJoseGarcia1133
 
Polinter11
Polinter11Polinter11
Polinter11Jeffrey Hart
 
Hacking (cs192 report )
Hacking (cs192 report )Hacking (cs192 report )
Hacking (cs192 report )Elipeta Sotabento
 
Bar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 HackingBar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 HackingBarcamp Kerala
 
FBI–Apple encryption dispute
FBI–Apple encryption disputeFBI–Apple encryption dispute
FBI–Apple encryption disputeHaniAbdallah4
 
Technology creates social isolation and neurosis
Technology creates social isolation and neurosisTechnology creates social isolation and neurosis
Technology creates social isolation and neurosisBrennan Kellett
 
Hacking
Hacking Hacking
Hacking ANUSHAMOL2
 
Apple vs. FBI
Apple vs. FBIApple vs. FBI
Apple vs. FBIAndrew Birkeland
 
History of Old School Hacking
History of Old School HackingHistory of Old School Hacking
History of Old School HackingMatt Harasymczuk
 
E security
E securityE security
E securitydexseple
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Trend Micro
 
Computer crime hacking
Computer crime hackingComputer crime hacking
Computer crime hackingtangytangling
 
Deep web, the unIndexed web
Deep web, the unIndexed webDeep web, the unIndexed web
Deep web, the unIndexed webNitish Joshi
 
I gangs hi tech gang communication-handout
I gangs hi tech gang communication-handoutI gangs hi tech gang communication-handout
I gangs hi tech gang communication-handoutCarter F. Smith, J.D., Ph.D.
 
Computer crimes
Computer crimesComputer crimes
Computer crimesHarshith Reddy
 
2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)Fabio Pietrosanti
 
Legal Research in the Age of Cloud Computing
Legal Research in the Age of Cloud ComputingLegal Research in the Age of Cloud Computing
Legal Research in the Age of Cloud ComputingNeal Axton
 

Mais conteúdo relacionado

Mais procurados

AusCERT - Mikko Hypponen
AusCERT - Mikko HypponenAusCERT - Mikko Hypponen
AusCERT - Mikko HypponenMikko Hypponen
 
Voice security and privacy - Today’s solutions and technologies
Voice security and privacy - Today’s solutions and technologiesVoice security and privacy - Today’s solutions and technologies
Voice security and privacy - Today’s solutions and technologiesPrivateWave Italia SpA
 
Security in the world wide web
Security in the world wide webSecurity in the world wide web
Security in the world wide webJoseGarcia1133
 
Bar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 HackingBar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 HackingBarcamp Kerala
 
FBI–Apple encryption dispute
FBI–Apple encryption disputeFBI–Apple encryption dispute
FBI–Apple encryption disputeHaniAbdallah4
 
Technology creates social isolation and neurosis
Technology creates social isolation and neurosisTechnology creates social isolation and neurosis
Technology creates social isolation and neurosisBrennan Kellett
 
History of Old School Hacking
History of Old School HackingHistory of Old School Hacking
History of Old School HackingMatt Harasymczuk
 
E security
E securityE security
E securitydexseple
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Trend Micro
 
Computer crime hacking
Computer crime hackingComputer crime hacking
Computer crime hackingtangytangling
 
Deep web, the unIndexed web
Deep web, the unIndexed webDeep web, the unIndexed web
Deep web, the unIndexed webNitish Joshi
 

Mais procurados (20)

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
AusCERT - Mikko Hypponen
AusCERT - Mikko HypponenAusCERT - Mikko Hypponen
AusCERT - Mikko Hypponen
 
Dark web
Dark webDark web
Dark web
 
Voice security and privacy - Today’s solutions and technologies
Voice security and privacy - Today’s solutions and technologiesVoice security and privacy - Today’s solutions and technologies
Voice security and privacy - Today’s solutions and technologies
 
All about Hacking
All about HackingAll about Hacking
All about Hacking
 
Security in the world wide web
Security in the world wide webSecurity in the world wide web
Security in the world wide web
 
Polinter11
Polinter11Polinter11
Polinter11
 
Hacking (cs192 report )
Hacking (cs192 report )Hacking (cs192 report )
Hacking (cs192 report )
 
Bar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 HackingBar Camp 11 Oct09 Hacking
Bar Camp 11 Oct09 Hacking
 
FBI–Apple encryption dispute
FBI–Apple encryption disputeFBI–Apple encryption dispute
FBI–Apple encryption dispute
 
Technology creates social isolation and neurosis
Technology creates social isolation and neurosisTechnology creates social isolation and neurosis
Technology creates social isolation and neurosis
 
Hacking
Hacking Hacking
Hacking
 
Apple vs. FBI
Apple vs. FBIApple vs. FBI
Apple vs. FBI
 
History of Old School Hacking
History of Old School HackingHistory of Old School Hacking
History of Old School Hacking
 
E security
E securityE security
E security
 
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
Dark Web Impact on Hidden Services in the Tor-based Criminal Ecosystem Dr.
 
Computer crime hacking
Computer crime hackingComputer crime hacking
Computer crime hacking
 
Deep web, the unIndexed web
Deep web, the unIndexed webDeep web, the unIndexed web
Deep web, the unIndexed web
 
I gangs hi tech gang communication-handout
I gangs hi tech gang communication-handoutI gangs hi tech gang communication-handout
I gangs hi tech gang communication-handout
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
 

Semelhante a Crash course of Mobile (SS7) privacy and security

2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)Fabio Pietrosanti
 
Legal Research in the Age of Cloud Computing
Legal Research in the Age of Cloud ComputingLegal Research in the Age of Cloud Computing
Legal Research in the Age of Cloud ComputingNeal Axton
 
2600 v07 n1 (spring 1990)
2600 v07 n1 (spring 1990)2600 v07 n1 (spring 1990)
2600 v07 n1 (spring 1990)Felipe Prado
 
Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01Kenneth Carnesi, JD
 
Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?hackdemocracy
 
DSS - ITSEC Conference - Cellcrypt - Making secure voice calls - Riga Nov2011
DSS - ITSEC Conference - Cellcrypt - Making secure voice calls - Riga Nov2011DSS - ITSEC Conference - Cellcrypt - Making secure voice calls - Riga Nov2011
DSS - ITSEC Conference - Cellcrypt - Making secure voice calls - Riga Nov2011Andris Soroka
 
Cybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentCybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentHamilton Turner
 
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Cain Ransbottyn
 
Historical genesis and evolution of cyber crimes new
Historical genesis and evolution of cyber crimes newHistorical genesis and evolution of cyber crimes new
Historical genesis and evolution of cyber crimes newDr. Arun Verma
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generationTony Lauro
 
Chapter 3 Computer Crimes
Chapter 3 Computer CrimesChapter 3 Computer Crimes
Chapter 3 Computer CrimesMar Soriano
 
Radterrorism Spb Oct04
Radterrorism Spb Oct04Radterrorism Spb Oct04
Radterrorism Spb Oct04martindudziak
 
Voice communication security
Voice communication securityVoice communication security
Voice communication securityFabio Pietrosanti
 
Tor project and Darknet Report
Tor project and Darknet ReportTor project and Darknet Report
Tor project and Darknet ReportAhmed Mater
 
Cybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generationCybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generationHinne Hettema
 
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETYCRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETYijcisjournal
 
Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017Gabor Szathmari
 

Semelhante a Crash course of Mobile (SS7) privacy and security (20)

2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)
 
Legal Research in the Age of Cloud Computing
Legal Research in the Age of Cloud ComputingLegal Research in the Age of Cloud Computing
Legal Research in the Age of Cloud Computing
 
2600 v07 n1 (spring 1990)
2600 v07 n1 (spring 1990)2600 v07 n1 (spring 1990)
2600 v07 n1 (spring 1990)
 
Sovereignty in Cyberspace
Sovereignty in CyberspaceSovereignty in Cyberspace
Sovereignty in Cyberspace
 
Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01
 
Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?
 
DSS - ITSEC Conference - Cellcrypt - Making secure voice calls - Riga Nov2011
DSS - ITSEC Conference - Cellcrypt - Making secure voice calls - Riga Nov2011DSS - ITSEC Conference - Cellcrypt - Making secure voice calls - Riga Nov2011
DSS - ITSEC Conference - Cellcrypt - Making secure voice calls - Riga Nov2011
 
Cybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentCybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile Environment
 
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
 
Historical genesis and evolution of cyber crimes new
Historical genesis and evolution of cyber crimes newHistorical genesis and evolution of cyber crimes new
Historical genesis and evolution of cyber crimes new
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generation
 
The Darknet Emerges
The Darknet EmergesThe Darknet Emerges
The Darknet Emerges
 
Chapter 3 Computer Crimes
Chapter 3 Computer CrimesChapter 3 Computer Crimes
Chapter 3 Computer Crimes
 
Radterrorism Spb Oct04
Radterrorism Spb Oct04Radterrorism Spb Oct04
Radterrorism Spb Oct04
 
Powerpoint
PowerpointPowerpoint
Powerpoint
 
Voice communication security
Voice communication securityVoice communication security
Voice communication security
 
Tor project and Darknet Report
Tor project and Darknet ReportTor project and Darknet Report
Tor project and Darknet Report
 
Cybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generationCybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generation
 
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETYCRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
 
Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017
 

Último

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Último (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Crash course of Mobile (SS7) privacy and security

  • 1. COVER The Athens Affair How some extremely smart hackers pulled off the most audacious cell-network break-in ever By VASSILIS PREVELAKIS, DIOMIDIS SPINELLIS / JULY 2007 On 9 March 2005, a 38-year-old Greek electrical engineer named Costas Tsalikidis was found hanged in his Athens loft apartment, an apparent suicide. It would prove to be merely the first public news of a scandal that would roil Greece for months. The next day, the prime minister of Greece was told that his cellphone was being bugged, as were those of the mayor of Athens and at least 100 other high-ranking dignitaries, including an employee of the U.S. embassy [see sidebar "CEOs, MPs, & a PM."] The victims were customers of Athens-based Vodafone-Panafon, generally known as Vodafone Greece, the country's largest cellular service provider; Tsalikidis was in charge of network planning at the company. A connection seemed obvious. Given the list of people and their positions at the time of the tapping, we can only imagine the sensitive political and diplomatic discussions, high-stakes business deals, or even marital indiscretions that may have been routinely overheard and, quite possibly, recorded. Even before Tsalikidis's death, investigators had found rogue software Photo: Fotoagentur/Alamy installed on the Vodafone Greece phone network by parties unknown. Some extraordinarily knowledgeable people either penetrated the network from outside or subverted it from within, aided by an agent or mole. In either case, the software at the heart of the phone system, investigators later discovered, was reprogrammed with a finesse and sophistication rarely seen before Crash course of Mobile (SS7) or since. A study of the Athens affair, surely the most bizarre and embarrassing scandal ever to engulf a major cellphone service provider, sheds considerable light on the measures networks can and should take to reduce their vulnerability privacy and security to hackers and moles. It's also a rare opportunity to get a glimpse of one of the most elusive of cybercrimes. Major network penetrations of any kind are exceedingly uncommon. They are hard to pull off, and equally hard to investigate. Even among major criminal infiltrations, the Athens affair stands out because it may have involved state secrets, and it Monday, October 3, 2011 targeted individuals—a combination that, if it had ever occurred before, was not disclosed publicly. The most notorious
  • 2. $ whoarewe • Arturo Filastò • Jacob Appelbaum • The Tor Project • The Tor Project • A Random • I break bad software GlobaLeaks and build better Developer alternatives • I hack on stuff for • Understanding censorship fun and profit! @hellais @ioerror Monday, October 3, 2011
  • 3. Once upon a time... Monday, October 3, 2011
  • 4. The 3 issues • Interception • Geolocation • Denial of Service Monday, October 3, 2011
  • 5. Interception • Can be lawful or unlawful • Tactical vs Non-Tactical Monday, October 3, 2011
  • 7. What technologies can be intercepted? • GSM • CDMA • iDEN • Thuraya • BGAN/Inmarsat • VSAT Monday, October 3, 2011
  • 8. Who? • Law enforcement • National Secret Service • Foreign Secret Service • Large corporations • Outsourced intelligence service providers • Organized crime • Military organizations Monday, October 3, 2011
  • 9. Targets of Interception • A person • A medium (think wire tap) • A device (think rootkit) • Parametric • Keywords (sniffing for triggers) • Perimeter (area sniffing) Monday, October 3, 2011
  • 10. Why? • The architecture is designed for it • To suppress uprisings • To collect intelligence • Monitor behavior Monday, October 3, 2011
  • 11. How is this possible? • The security is outdated; take GSM... • No effort has been made to fix it • A5/1 is broken • A5/2 is purposefully broken • A5/3 is a bit better but not implemented (http://security.osmocom.org/trac/ticket/ 4) Monday, October 3, 2011
  • 13. Active IMSI catchers Monday, October 3, 2011
  • 14. More accessible • This equipment used to be very expensive • But with projects such as USRP and OsmocomBB this is no longer true Monday, October 3, 2011
  • 15. Passive GSM sniffers + = Monday, October 3, 2011
  • 16. Passive GSM sniffers + = Interception for 50$ Monday, October 3, 2011
  • 17. Geolocation • Where are you? • Various technologies give various levels of accuracy • SS7 (HLR, ATI) • Stingray and AmberJack Monday, October 3, 2011
  • 19. Walled Garden • For accessing SS7 there used to be: • High costs • Strict peering agreements • Not designed with security in mind Monday, October 3, 2011
  • 20. The GSM network OsmocommBB OpenBTS BSC APIs to HLR subscriber BTS BSC MSC VLR HLR SMSC OpenBSC VLR MSC SMS Injection Monday, October 3, 2011
  • 21. Macro Area Geolocation • With network interrogations • A feature to SMS sending • The level of detail goes from 1km in cities to 200km in rural areas Monday, October 3, 2011
  • 22. More detail is possible • Other privacy invading queries exists • PSI, ATI • Reach a level of detail of ~100m • Require, more strict agreements with telcos • If you know where to ask... • ... you will get them • (that means if you have the $$$) Monday, October 3, 2011
  • 23. Denial of Service • You just want to stop that or those people communicating. Monday, October 3, 2011
  • 27. Help! • Ok, so you have scared me. Now what should I do? • be aware of patterns and realities • use software on top of what is available • Tor, RedPhone, TextSecure, PrivateGSM, etc • Avoid bad software - eg: UltraSurf, SMS • Resist giving your ID for a SIM card! • If you are really worried or privacy and security don’t use mobile phones. • Until we create a free telco, we’re doomed. Monday, October 3, 2011
  • 28. Thanks for listening! Any questions? Monday, October 3, 2011