SlideShare a Scribd company logo

How to Intercept a Conversation Held on the Other Side of the Planet

Positive Hack Days
Positive Hack Days
TechnologyBusiness
1 of 140
Download to read offline
How to Intercept a Conversation Held on the Other Side of the Planet
Who we are Sergey Puzankov Dmitry Kurbatov Information Security Specialists Positive Technologies
Denial of Service on Mobile Switching Center Fraud in SS7 network Short Message Interception USSD Money Transfer Subscriber’s Location Voice Call Interception Hot for Mobile network operators Hot for everyone Topics
All of us are subscribers Service Availability Quality of Service Security
Mobile Services Dynamics Voice Mobile Data Traffic
Yesterday: Closed Ecosystems
Today: Unified Technologies
Today: Common Interfaces
Today: IP Connectivity
Today: Widen Borders Get your own femtocell • Hack it • Upload modified firmware • Make a call/SMS interception • Get into IPsec • Get into Core network
Tomorrow: virtualization
SIGTRAN Time Machine Through SIGTRAN back to 1970’s
SS7 SS7 Network HLR A B MSC VLR Gateway MSC Billing SMS-C
SS7 HLRMSC VLR Gateway MSC Billing SMS-C Radio Part A B Cell Phone Base Transceiver Station Base Station Controller
SS7 MSC/VLR HLR A B Gateway MSC Billing SMS-C MSC VLR Mobile Switching Center Visitor Location Register
SS7 Gateway MSC HLR A B MSC VLR Billing SMS-C Gateway MSC Gateway Mobile Switching Center
SS7 SMS-C HLR A B MSC VLR Gateway MSC Billing SMS-C Short Message Service Center
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C Homeу Location Register HLR
SS7 Billing A B MSC VLR Gateway MSC SMS-C HLR Billing
SS7 IDs HLR A B MSC VLR Gateway MSC Billing SMS-C GT – Global Title 0 123 4567890
SS7 IDs HLR A B MSC VLR Gateway MSC Billing SMS-C GT – Global Title 0 123 4567890 MSISDN – A or B mobile numbers 0 123 4567890
SS7 IDs HLR A B MSC VLR Gateway MSC Billing SMS-C GT – Global Title 0 123 4567890 MSISDN – A or B mobile numbers 0 123 4567890 MSRN – Mobile Subscriber Roaming Number 0 123 4567890
SS7 IDs HLR A B MSC VLR Gateway MSC Billing SMS-C GT – Global Title 0 123 4567890 MSISDN – A or B mobile numbers 0 123 4567890 MSRN – Mobile Subscriber Roaming Number 0 123 4567890 IMSI – International Mobile Subscriber Identity 15 digits
SS7 How to get in? HLR A B MSC VLR Gateway MSC Billing SMS-C
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS Core PS Core IMS Core Networks
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto Access Networks
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX Exchange Points
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX OAM Remote support Support
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX OAM Remote support IT IT network
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX OAM Remote support Internet Internet IT network
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX OAM Remote support Internet IT networkTraffic
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX OAM Remote support Internet IT networkThreats Attacker Attacker Attacker Attacker AttackerAttacker
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX OAM Remote support Internet IT networkThreat Attacker Attacker Attacker Attacker AttackerAttacker
Mobile Switching Center DoS Just like DHCP Starvation
SS7 Collect info HLR Attacker B Gateway MSC We know B-Number 0 123 4567802 MSC VLR
SS7 Collect info HLR Attacker as SMSC B MSC VLR Gateway MSC 1 We know B-Number 0 123 4567802 SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802?
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 2 SRI4SM We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Attacker as SMSC
SS7 Make it starve HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits 3PRNprovideRoamingNumber I am HLR. My GT 1 321 4567801. Provide MSRN for Subscriber-B IMSI 15 digits.
SS7 Make it starve HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits MSRN 0 123 4560001 3PRN 4 provideRoamingNumber MSRN 0 123 4560001
SS7 Make it starve HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits MSRN 0 123 4560001 3PRN 4 Default timeouts for MSRN: • Ericsson – 30 sec • Huawei – 45 sec provideRoamingNumber MSRN 0 123 4560001
SS7 Make it starve HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits MSRN 0 123 4560001 … MSRN 0 123 4569999 3PRN 4 provideRoamingNumber I am HLR. My GT 1 321 4567801. Provide MSRN for Subscriber-B IMSI 15 digits. provideRoamingNumber I am HLR. My GT 1 321 4567801. Provide MSRN for Subscriber-B IMSI 15 digits. provideRoamingNumber I am HLR. My GT 1 321 4567801. Provide MSRN for Subscriber-B IMSI 15 digits.… provideRoamingNumber MSRN 0 123 4560001provideRoamingNumber MSRN 0 123 4560001 provideRoamingNumber MSRN 0 123 4569999…
SS7 Make it starve HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits MSRN 0 123 4560001 … MSRN 0 123 4569999 3PRN 4 provideRoamingNumber I am HLR. My GT 1 321 4567801. Provide MSRN for Subscriber-B IMSI 15 digits.
SS7 HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits MSRN 0 123 4560001 … MSRN 0 123 4569999 3PRN 4 noRoamingNumberAvailable Make it starve
SS7 HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits MSRN 0 123 4560001 … MSRN 0 123 4569999 3PRN 4 noRoamingNumberAvailable Make it starve
SS7 DoS HLR Attacker as HLR B Gateway MSC Real HLR 10k – 500k MSC VLR
SS7 DoS HLR Attacker as HLR Gateway MSC PRN Real HLR B 10k – 500k MSC VLR 3 provideRoamingNumber I am HLR. My GT 1 321 4568701. Provide MSRN for Subscriber-ANY IMSI 15 digits.
SS7 DoS HLR Attacker as HLR Gateway MSC PRN Real HLR B 10k – 500k MSC VLR 3 4 noRoamingNumberAvailable
SS7 DoS HLR Attacker as HLR Gateway MSC PRN Real HLR B 10k – 500k MSC VLR 3 4 No incoming calls Sad calling party
Fraud in SS7
SS7 SS7 interconnection HLRMSC VLR Gateway MSC Billing SMS-C HLRMSC VLR Gateway MSC Billing SMS-C HLRMSC VLR Gateway MSC Billing SMS-C Trusted environment
Leadership team HLRMSC VLR Gateway MSC Billing SMS-C CEO CSO CMO CCO CLO
Leadership team HLRMSC VLR Gateway MSC Billing SMS-C CEO CSO CMO CCO CLO Really?! Trust them?
Uncharged calls 1) Spoof MSC 2) Initiate «home network» call 3) Forward call anywhere
SS7 Collect info HLR Attacker B MSC VLR Gateway MSC We know B-Number 0 123 4567802 A
SS7 Collect info HLR Attacker as SMSC B MSC VLR Gateway MSC 1 We know B-Number 0 123 4567802 SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802? A
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC A
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits A
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits A
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 2 SRI4SM We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Attacker as SMSC A
SS7 Spoof MSC HLR Attacker as MSC B MSC VLR Gateway MSCA 3 updateLocation I am MSC/VLR. My GT 1 321 4567801. I serve Subscriber-B IMSI 15 digits. We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits
SS7 Spoof MSC HLR Attacker as MSC B MSC VLR Gateway MSCA 3 updateLocation I am MSC/VLR. My GT 1 321 4567801. I serve Subscriber-B IMSI 15 digits. We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits
SS7 Spoof MSC HLR Attacker as MSC B MSC VLR Gateway MSCA 3 We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits HLR stores Subscriber-B IMSI 15 digits MSC/VLR 1 321 4567801 4
SS7 Spoof MSC HLR Attacker as MSC B MSC VLR Gateway MSCA 3 We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits HLR stores Subscriber-B IMSI 15 digits MSC/VLR 1 321 4567801 4 We serve Subscriber-B
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 GatewayMSC knows nothing
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 5 6 sendRoutingInfo Where is Subscriber-B MSISDN 0 123 4567802 = Where is Subscriber-B located?
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 6 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 7 provideSubscriberInfo I am HLR. My GT 0 123 4567800. Provide location for the Subscriber-B.
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 6 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 7 8 provideSubscriberInfo Subscriber-B is in the Home network.
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 6 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 GatewayMSC knows that Subscriber-B is at home. This information will be sent to a billing platform. 7 8 8
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 5 9 sendRoutingInfo Where is Subscriber-B MSISDN 0 123 4567802 located = What is MSRN for Subscriber-B?
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 9 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 provideRoamingNumber I am HLR. My GT 0 123 4567800. Provide MSRN for Subscriber-B IMSI 15 digits. 10
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 9 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 provideRoamingNumber MSRN 53 12345678 10 11
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 9 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 GatewayMSC knows Subscriber-B MSRN 53 12345678 10 11 11
SS7 Forward a call to… Cuba HLR Attacker as MSC B MSC VLR Gateway MSCA 5 9 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 GatewayMSC knows Subscriber-B MSRN 53 12345678 10 11 11 12
SS7 Forward a call to… HLR Attacker as MSC B MSC VLR Gateway MSCA 5 9 provideRoamingNumber MSRN 53 12345678 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 GatewayMSC knows Subscriber-B MSRN 53 12345678 10 11
Who pays? ACall from to while at “home” = $ 0.05B ACall from to = $ 1.00Cuba
Who pays? ACall from to while at “home” = $ 0.05B ACall from to = $ 1.00Cuba $ 1.00 - $ 0.05 = $ 0.95 – Attacker profit
Call from to = $ 0.30 Who pays? ACall from to while at “home” = $ 0.05B ACall from to = $ 1.00Cuba $ 1.00 - $ 0.05 = $ 0.95 – Attacker profit How much Mobile operator loses? MNO Cuba
SMS Interception 1) Collect info 2) Spoof MSC 3) Receive incoming SMSs
SS7 Collect info HLR Attacker B MSC VLR Gateway MSC We know B-Number 0 123 4567802 A SMS-C
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC A SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802? SMS-C
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 2 SRI4SM We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Attacker as SMSC A SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802? sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits SMS-C
SS7 Spoof MSC HLR Attacker as MSC B MSC VLR Gateway MSCA 3 updateLocation I am MSC/VLR. My GT 1 321 4567801. I serve Subscriber-B IMSI 15 digits. We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits SMS-C
SS7 Spoof MSC HLR Attacker as MSC B MSC VLR Gateway MSCA 3 We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits HLR stores Subscriber-B IMSI 15 digits MSC/VLR 1 321 4567801 4 We serve Subscriber-B SMS-C
SS7 SMS interception HLR B MSC VLR Gateway MSC 5 Attacker as MSC A SMS-C 5 “Hi, meet at 8pm at Baker Street”
SS7 SMS interception HLR B MSC VLR Gateway MSC 5 6 Attacker as MSC A sendRoutingInfoForSM I am SMSC. My GT 0 123 4567804. Where is Subscriber-B MSISDN 0 123 4567802? SMS-C 5 “Hi, meet at 8pm at Baker Street”
SS7 SMS interception HLR B MSC VLR Gateway MSC 7 5 6 Attacker as MSC A sendRoutingInfoForSM I am SMSC. My GT 0 123 4567804. Where is Subscriber-B MSISDN 0 123 4567802? sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 1 321 4567801 Subscriber-B IMSI 15 digits SMS-C 5 “Hi, meet at 8pm at Baker Street” HLR sends Attacker address instead of real MSC!
SS7 SMS interception HLR B MSC VLR Gateway MSC 7 5 6 8 Attacker as MSC A sendRoutingInfoForSM I am SMSC. My GT 0 123 4567804. Where is Subscriber-B MSISDN 0 123 4567802? sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 1 321 4567801 Subscriber-B IMSI 15 digits SMS-C 5 “Hi, meet at 8pm at Baker Street” SMS-C routes this SMS to the received address.
SS7 SMS interception HLR B MSC VLR Gateway MSC 7 5 6 8 Attacker as MSC A sendRoutingInfoForSM I am SMSC. My GT 0 123 4567804. Where is Subscriber-B MSISDN 0 123 4567802? sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 1 321 4567801 Subscriber-B IMSI 15 digits SMS-C 5 “Hi, meet at 8pm at Baker Street” SMS-C routes this SMS to the received address.
SMS interception 1. SMS chats 2. One time passwords 3. Confirmation codes 4. Password recovery
Money Transfer Using USSD 1) Collect info 2) Request account status 3) Transfer money
SS7 Collect info HLR Attacker B MSC VLR Gateway MSC We know B-Number 0 123 4567802 A
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC A SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802?
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 2 SRI4SM We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Attacker as SMSC A SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802? sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits
SS7 Send USSD 1 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits *100#3 processUnstructuredSS-Request I am MSC/VLR. Request how much money has subscriber with IMSI 15 digits?
SS7 Send USSD 1 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA processUnstructuredSS-Request I am MSC/VLR. Request how much money has subscriber with IMSI 15 digits? We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits Account info. 3 4 processUnstructuredSS-Request Subscriber’s account is $$$$$.
SS7 Send USSD 1 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits Account info. 4 processUnstructuredSS-Request Subscriber’s account is $$$$$. processUnstructuredSS-Request I am MSC/VLR. Request how much money has subscriber with IMSI 15 digits? 3
SS7 Send USSD 2 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits Account info. *123*01238765400*100# processUnstructuredSS-Request I am MSC/VLR. Transfer money from IMSI 15 digits to my mobile account. 5
SS7 Send USSD 2 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits Account info. 6 processUnstructuredSS-Request OK. processUnstructuredSS-Request I am MSC/VLR. Transfer money from IMSI 15 digits to my mobile account. 5
SS7 Send USSD 2 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits Real account info. Subscriber B does not get SMS notification if Attacker combines this attack with the previuos one. 6 processUnstructuredSS-Request OK. processUnstructuredSS-Request I am MSC/VLR. Transfer money from IMSI 15 digits to my mobile account. 5
SS7 Send USSD 2 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits Real account info. Subscriber B does not get SMS notification if Attacker combines this attack with the previuos one. 6 processUnstructuredSS-Request OK. processUnstructuredSS-Request I am MSC/VLR. Transfer money from IMSI 15 digits to my mobile account. 5
Subscriber Location Discovery 1) Collect info 2) Receive Cell ID 3) Get point on the map
SS7 Collect info HLR Attacker B MSC VLR Gateway MSC We know B-Number 0 123 4567802 A
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC A SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802?
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 2 SRI4SM We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Attacker as SMSC A SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802? sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits
SS7 Get Cell ID HLR Attacker as HLR B MSC VLR Gateway MSC We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits 3PSIprovideSubscriberInfo I am HLR. My GT 1 321 4567801. Provide location for the Subscriber-B.
SS7 Get Cell ID HLR Attacker as HLR B MSC VLR Gateway MSC We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Cell ID 3PRN 4 provideSubscriberInfo Cell ID. provideSubscriberInfo I am HLR. My GT 1 321 4567801. Provide location for the Subscriber-B.
SS7 Get Cell ID HLR Attacker as HLR B MSC VLR Gateway MSC We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Cell ID 3PRN 4 provideSubscriberInfo Cell ID. provideSubscriberInfo I am HLR. My GT 1 321 4567801. Provide location for the Subscriber-B. MCC: 250 MNC: 90 LAC: 4A67 CID: 673D
SS7 Get location HLR Attacker as HLR B MSC VLR Gateway MSC We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Cell ID 5 MCC: 250 MNC: 90 LAC: 4A67 CID: 673D Search in Internet physical location by MCC, MNC, LAC, CID
Get location
Get location
Voice Call Interception 1) Collect info 2) Change subscriber profile 3) Add third party into mobile call
SS7 Collect info HLR Attacker B MSC VLR Gateway MSC We know A-Number 0 123 4567802 A Billing
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 SRI4SM We know A-Number 0 123 4567802 Attacker as SMSC A SRI4SM sendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-A MSISDN 0 123 4567802? Billing
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 2 SRI4SM We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Attacker as SMSC A SRI4SM sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Billing sendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-A MSISDN 0 123 4567802?
SS7 Collect info HLR Attacker as MSC B MSC VLR Gateway MSCA 3 updateLocation I am MSC/VLR. My GT 1 321 4567801. I serve Subscriber-A IMSI 15 digits. We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Billing
SS7 Collect info HLR Attacker as MSC B MSC VLR Gateway MSCA 3 We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Billing 4 insertSubscriberData Subscriber’s profile: • Allowed/prohibited services • Forwarding settings • Billing platform address updateLocation I am MSC/VLR. My GT 1 321 4567801. I serve Subscriber-A IMSI 15 digits.
SS7 Collect info HLR Attacker as MSC B MSC VLR Gateway MSCA 3 We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 4 updateLocation I am MSC/VLR. My GT 1 321 4567801. I serve Subscriber-A IMSI 15 digits. insertSubscriberData Subscriber’s profile: • Allowed/prohibited services • Forwarding settings • Address of billing platform
SS7 Collect info HLR Attacker as MSC B MSC VLR Gateway MSCA 5 We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing updateLocation I am MSC/VLR. My GT 1 321 4567801. Subscriber-A IMSI 15 digits is served by 0 123 4567803 5
updateLocation I am MSC/VLR. My GT 1 321 4567801. Subscriber-A IMSI 15 digits is served by 0 123 4567803 SS7 Collect info HLR Attacker as MSC B MSC VLR Gateway MSCA 5 We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 5
SS7 Change profile HLR Attacker as HLR B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 6 insertSubscriberData I am HLR. Change profile for Subscriber-A. Billing GT 1 321 4567801.
SS7 Change profile HLR Attacker as HLR B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 6 7 insertSubscriberData OK. insertSubscriberData I am HLR. Change profile for Subscriber-A. Billing GT 1 321 4567801.
SS7 Change profile HLR Attacker as HLR B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 6 7 insertSubscriberData OK. insertSubscriberData I am HLR. Change profile for Subscriber-A. Billing GT 1 321 4567801.
SS7 Change profile HLR Attacker B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 6 7 insertSubscriberData OK. insertSubscriberData I am HLR. Change profile for Subscriber-A. Billing GT 1 321 4567801.
SS7 Call interception HLR Attacker as Billing B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing Subscriber A calls to Subscriber B. 8
SS7 Call interception HLR Attacker as Billing B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 9 9 HLR interrogation procedure: • sendRoutingInfo • provideSubscriberInfo Subscriber A calls to Subscriber B. 8
SS7 Call interception HLR Attacker as Billing B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing InitialDP Start billing . Subscriber-A 0 123 4567802 calls to Subscriber-B 0 123 4567805 10 Subscriber A calls to Subscriber B. 8
SS7 Call interception HLR Attacker as Billing B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 B-Number 0 123 4567805 Billing InitialDP Start billing . Subscriber-A 0 123 4567802 calls to Subscriber-B 0 123 4567805 10 Subscriber A calls to Subscriber B. 8
SS7 Call interception HLR Attacker as Billing B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 B-Number 0 123 4567805 Billing Proceed billing. ApplyCharging RequestReportBCSMEvent Connect Reroute call to number 1 321 4567802 InitialDP Start billing . Subscriber-A 0 123 4567802 calls to Subscriber-B 0 123 4567805 10 11 Subscriber A calls to Subscriber B. 8
SS7 Call interception HLR Attacker as MSC B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 B-Number 0 123 4567805 Billing IAM Continue call. Subscriber-A 0 123 4567802 calls to Subscriber-C 1 321 4567802 12 Subscriber A calls to Subscriber B. 8
SS7 Call interception HLR Attacker as MSC B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 B-Number 0 123 4567805 Billing 12 Subscriber A calls to Subscriber B. 8 13 IAM Continue call. Subscriber-A 0 123 4567802 calls to Subscriber-C 1 321 4567802
SS7 Call interception HLR Attacker as MSC B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 B-Number 0 123 4567805 Billing IAM Initiate a new call Subscriber-A 0 123 4567802 calls to Subscriber-B 0 123 4567805 12 14 Subscriber A calls to Subscriber B. 8 13 IAM Continue call. Subscriber-A 0 123 4567802 calls to Subscriber-C 1 321 4567802
SS7 Call interception HLR Attacker as MSC B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 B-Number 0 123 4567805 Billing IAM Initiate a new call Subscriber-A 0 123 4567802 calls to Subscriber-B 0 123 4567805 12 14 8 13 15 Subscriber A calls to Subscriber B. IAM Continue call. Subscriber-A 0 123 4567802 calls to Subscriber-C 1 321 4567802
Conclusion SS7 rules Just the tip of the iceberg
The End. Sergey Puzankov Dmitry Kurbatov spuzankov@ptsecurity.com dkurbatov@ptsecurity.com Questions?
How to Intercept a Conversation Held on the Other Side of the Planet

Recommended

Attacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsAttacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsPositiveTechnologies
 
Worldwide attacks on SS7 network
Worldwide attacks on SS7 networkWorldwide attacks on SS7 network
Worldwide attacks on SS7 networkAlexandre De Oliveira
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisP1Security
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkP1Security
 
Philippe Langlois - Hacking HLR HSS and MME core network elements
Philippe Langlois - Hacking HLR HSS and MME core network elementsPhilippe Langlois - Hacking HLR HSS and MME core network elements
Philippe Langlois - Hacking HLR HSS and MME core network elementsP1Security
 
Attacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeAttacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeP1Security
 
SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.3G4G
 
Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...DefCamp
 

Recommended

Attacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsAttacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsPositiveTechnologies
 
Worldwide attacks on SS7 network
Worldwide attacks on SS7 networkWorldwide attacks on SS7 network
Worldwide attacks on SS7 networkAlexandre De Oliveira
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisP1Security
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkP1Security
 
Philippe Langlois - Hacking HLR HSS and MME core network elements
Philippe Langlois - Hacking HLR HSS and MME core network elementsPhilippe Langlois - Hacking HLR HSS and MME core network elements
Philippe Langlois - Hacking HLR HSS and MME core network elementsP1Security
 
Attacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeAttacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeP1Security
 
SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.3G4G
 
Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...DefCamp
 
Philippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityPhilippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityP1Security
 
SS7 Vulnerabilities
SS7 VulnerabilitiesSS7 Vulnerabilities
SS7 VulnerabilitiesPositiveTechnologies
 
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...Alejandro Corletti Estrada
 
SS7: 2G/3G's weakest link
SS7: 2G/3G's weakest linkSS7: 2G/3G's weakest link
SS7: 2G/3G's weakest linkPositiveTechnologies
 
Telecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsTelecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsP1Security
 
Ss7 Introduction Li In
Ss7 Introduction Li InSs7 Introduction Li In
Ss7 Introduction Li Inmhaviv
 
IMS + VoLTE Overview
IMS + VoLTE OverviewIMS + VoLTE Overview
IMS + VoLTE OverviewHamidreza Bolhasani
 
Beginners: UICC & SIM
Beginners: UICC & SIMBeginners: UICC & SIM
Beginners: UICC & SIM3G4G
 
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Siddharth Rao
 
VoLTE flows - basics
VoLTE flows - basicsVoLTE flows - basics
VoLTE flows - basicsKarel Berkovec
 
Basic GSM Call Flows
Basic GSM Call FlowsBasic GSM Call Flows
Basic GSM Call Flowsemyl97
 
VoLTE_SRVCC_E2Erevised
VoLTE_SRVCC_E2ErevisedVoLTE_SRVCC_E2Erevised
VoLTE_SRVCC_E2ErevisedAmit Deshmukh
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX networkAlexandre De Oliveira
 
Telecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasuresTelecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasuresPositiveTechnologies
 
Mobile Networks Overview (2G / 3G / 4G-LTE)
Mobile Networks Overview (2G / 3G / 4G-LTE)Mobile Networks Overview (2G / 3G / 4G-LTE)
Mobile Networks Overview (2G / 3G / 4G-LTE)Hamidreza Bolhasani
 
VoLTE Flows and CS network
VoLTE Flows and CS networkVoLTE Flows and CS network
VoLTE Flows and CS networkKarel Berkovec
 
Signalling in EPC/LTE
Signalling in EPC/LTESignalling in EPC/LTE
Signalling in EPC/LTELeliwa
 
Ims call flow
Ims call flowIms call flow
Ims call flowMorg
 
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core NetworkHamidreza Bolhasani
 
WiFi-Based IMSI Catcher
WiFi-Based IMSI CatcherWiFi-Based IMSI Catcher
WiFi-Based IMSI CatcherShakacon
 
Quick Summary of LTE Voice Summit 2015 #LTEVoice
Quick Summary of LTE Voice Summit 2015 #LTEVoiceQuick Summary of LTE Voice Summit 2015 #LTEVoice
Quick Summary of LTE Voice Summit 2015 #LTEVoice3G4G
 
Introduction to Telco-OTT Services
Introduction to Telco-OTT ServicesIntroduction to Telco-OTT Services
Introduction to Telco-OTT ServicesMartin Geddes
 

More Related Content

What's hot

Philippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityPhilippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityP1Security
 
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...Alejandro Corletti Estrada
 
Telecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsTelecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsP1Security
 
Ss7 Introduction Li In
Ss7 Introduction Li InSs7 Introduction Li In
Ss7 Introduction Li Inmhaviv
 
Beginners: UICC & SIM
Beginners: UICC & SIMBeginners: UICC & SIM
Beginners: UICC & SIM3G4G
 
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Siddharth Rao
 
Basic GSM Call Flows
Basic GSM Call FlowsBasic GSM Call Flows
Basic GSM Call Flowsemyl97
 
VoLTE_SRVCC_E2Erevised
VoLTE_SRVCC_E2ErevisedVoLTE_SRVCC_E2Erevised
VoLTE_SRVCC_E2ErevisedAmit Deshmukh
 
Telecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasuresTelecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasuresPositiveTechnologies
 
Mobile Networks Overview (2G / 3G / 4G-LTE)
Mobile Networks Overview (2G / 3G / 4G-LTE)Mobile Networks Overview (2G / 3G / 4G-LTE)
Mobile Networks Overview (2G / 3G / 4G-LTE)Hamidreza Bolhasani
 
VoLTE Flows and CS network
VoLTE Flows and CS networkVoLTE Flows and CS network
VoLTE Flows and CS networkKarel Berkovec
 
Signalling in EPC/LTE
Signalling in EPC/LTESignalling in EPC/LTE
Signalling in EPC/LTELeliwa
 
Ims call flow
Ims call flowIms call flow
Ims call flowMorg
 
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core NetworkHamidreza Bolhasani
 
WiFi-Based IMSI Catcher
WiFi-Based IMSI CatcherWiFi-Based IMSI Catcher
WiFi-Based IMSI CatcherShakacon
 

What's hot (20)

Philippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityPhilippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1security
 
SS7 Vulnerabilities
SS7 VulnerabilitiesSS7 Vulnerabilities
SS7 Vulnerabilities
 
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
 
SS7: 2G/3G's weakest link
SS7: 2G/3G's weakest linkSS7: 2G/3G's weakest link
SS7: 2G/3G's weakest link
 
Telecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronightsTelecom security from ss7 to all ip all-open-v3-zeronights
Telecom security from ss7 to all ip all-open-v3-zeronights
 
Ss7 Introduction Li In
Ss7 Introduction Li InSs7 Introduction Li In
Ss7 Introduction Li In
 
IMS + VoLTE Overview
IMS + VoLTE OverviewIMS + VoLTE Overview
IMS + VoLTE Overview
 
Beginners: UICC & SIM
Beginners: UICC & SIMBeginners: UICC & SIM
Beginners: UICC & SIM
 
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
 
VoLTE flows - basics
VoLTE flows - basicsVoLTE flows - basics
VoLTE flows - basics
 
Basic GSM Call Flows
Basic GSM Call FlowsBasic GSM Call Flows
Basic GSM Call Flows
 
VoLTE_SRVCC_E2Erevised
VoLTE_SRVCC_E2ErevisedVoLTE_SRVCC_E2Erevised
VoLTE_SRVCC_E2Erevised
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX network
 
Telecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasuresTelecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasures
 
Mobile Networks Overview (2G / 3G / 4G-LTE)
Mobile Networks Overview (2G / 3G / 4G-LTE)Mobile Networks Overview (2G / 3G / 4G-LTE)
Mobile Networks Overview (2G / 3G / 4G-LTE)
 
VoLTE Flows and CS network
VoLTE Flows and CS networkVoLTE Flows and CS network
VoLTE Flows and CS network
 
Signalling in EPC/LTE
Signalling in EPC/LTESignalling in EPC/LTE
Signalling in EPC/LTE
 
Ims call flow
Ims call flowIms call flow
Ims call flow
 
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
 
WiFi-Based IMSI Catcher
WiFi-Based IMSI CatcherWiFi-Based IMSI Catcher
WiFi-Based IMSI Catcher
 

Viewers also liked

Quick Summary of LTE Voice Summit 2015 #LTEVoice
Quick Summary of LTE Voice Summit 2015 #LTEVoiceQuick Summary of LTE Voice Summit 2015 #LTEVoice
Quick Summary of LTE Voice Summit 2015 #LTEVoice3G4G
 
Introduction to Telco-OTT Services
Introduction to Telco-OTT ServicesIntroduction to Telco-OTT Services
Introduction to Telco-OTT ServicesMartin Geddes
 
Lte security overview
Lte security overviewLte security overview
Lte security overviewaliirfan04
 
Critical networking using mesh Wi-SUN technology
Critical networking using mesh Wi-SUN technologyCritical networking using mesh Wi-SUN technology
Critical networking using mesh Wi-SUN technology3G4G
 
Narrowband Internet of Things - R&S Whitepaper
Narrowband Internet of Things - R&S WhitepaperNarrowband Internet of Things - R&S Whitepaper
Narrowband Internet of Things - R&S Whitepaper3G4G
 
VoWLAN: Call Quality
VoWLAN: Call QualityVoWLAN: Call Quality
VoWLAN: Call Quality3G4G
 
Andy sutton - Multi-RAT mobile backhaul for Het-Nets
Andy sutton - Multi-RAT mobile backhaul for Het-NetsAndy sutton - Multi-RAT mobile backhaul for Het-Nets
Andy sutton - Multi-RAT mobile backhaul for Het-Netshmatthews1
 
Mobile Network Sharing
Mobile Network SharingMobile Network Sharing
Mobile Network Sharing3G4G
 
Radio Frequency, Band and Spectrum
Radio Frequency, Band and SpectrumRadio Frequency, Band and Spectrum
Radio Frequency, Band and Spectrum3G4G
 
2G/3G Switch off Dates
2G/3G Switch off Dates2G/3G Switch off Dates
2G/3G Switch off Dates3G4G
 

Viewers also liked (11)

Quick Summary of LTE Voice Summit 2015 #LTEVoice
Quick Summary of LTE Voice Summit 2015 #LTEVoiceQuick Summary of LTE Voice Summit 2015 #LTEVoice
Quick Summary of LTE Voice Summit 2015 #LTEVoice
 
Introduction to Telco-OTT Services
Introduction to Telco-OTT ServicesIntroduction to Telco-OTT Services
Introduction to Telco-OTT Services
 
Gsm basics
Gsm basicsGsm basics
Gsm basics
 
Lte security overview
Lte security overviewLte security overview
Lte security overview
 
Critical networking using mesh Wi-SUN technology
Critical networking using mesh Wi-SUN technologyCritical networking using mesh Wi-SUN technology
Critical networking using mesh Wi-SUN technology
 
Narrowband Internet of Things - R&S Whitepaper
Narrowband Internet of Things - R&S WhitepaperNarrowband Internet of Things - R&S Whitepaper
Narrowband Internet of Things - R&S Whitepaper
 
VoWLAN: Call Quality
VoWLAN: Call QualityVoWLAN: Call Quality
VoWLAN: Call Quality
 
Andy sutton - Multi-RAT mobile backhaul for Het-Nets
Andy sutton - Multi-RAT mobile backhaul for Het-NetsAndy sutton - Multi-RAT mobile backhaul for Het-Nets
Andy sutton - Multi-RAT mobile backhaul for Het-Nets
 
Mobile Network Sharing
Mobile Network SharingMobile Network Sharing
Mobile Network Sharing
 
Radio Frequency, Band and Spectrum
Radio Frequency, Band and SpectrumRadio Frequency, Band and Spectrum
Radio Frequency, Band and Spectrum
 
2G/3G Switch off Dates
2G/3G Switch off Dates2G/3G Switch off Dates
2G/3G Switch off Dates
 

Similar to How to Intercept a Conversation Held on the Other Side of the Planet

Call flow oma000003 gsm communication flow
Call flow oma000003 gsm communication flowCall flow oma000003 gsm communication flow
Call flow oma000003 gsm communication flowEricsson Saudi
 
fdocuments.net_gsm-call-flows-5584455b2833e.ppt
fdocuments.net_gsm-call-flows-5584455b2833e.pptfdocuments.net_gsm-call-flows-5584455b2833e.ppt
fdocuments.net_gsm-call-flows-5584455b2833e.pptHazemElabed2
 
Kumar gunjan 20160213 mobile communication security
Kumar gunjan 20160213 mobile communication securityKumar gunjan 20160213 mobile communication security
Kumar gunjan 20160213 mobile communication securitynullowaspmumbai
 
Gsm training
Gsm trainingGsm training
Gsm traininggernaz55
 
395273802-GSM-Signaling.pdf
395273802-GSM-Signaling.pdf395273802-GSM-Signaling.pdf
395273802-GSM-Signaling.pdfGeoffreyAlleyne
 
Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)Hamidreza Bolhasani
 
Introducing to LAC-CI
Introducing to LAC-CIIntroducing to LAC-CI
Introducing to LAC-CIRiswan
 
Gsm architecture and call flow
Gsm architecture and call flowGsm architecture and call flow
Gsm architecture and call flowMohd Nazir Shakeel
 
Gsm overview
Gsm overviewGsm overview
Gsm overviewChon Tum
 
02 gsm hscsd_gprs
02 gsm hscsd_gprs02 gsm hscsd_gprs
02 gsm hscsd_gprsChyon Ju
 
Basic gsm principles
Basic gsm principlesBasic gsm principles
Basic gsm principlesSupper Mario
 
PLNOG 9: Piotr Wojciechowski - Multicast Security
PLNOG 9: Piotr Wojciechowski - Multicast Security PLNOG 9: Piotr Wojciechowski - Multicast Security
PLNOG 9: Piotr Wojciechowski - Multicast Security PROIDEA
 
Ussd call back or UCB
Ussd call back or UCBUssd call back or UCB
Ussd call back or UCBRawand Jaf
 
Gsm architecture
Gsm architectureGsm architecture
Gsm architecturesumit singh
 

Similar to How to Intercept a Conversation Held on the Other Side of the Planet (20)

Call flow oma000003 gsm communication flow
Call flow oma000003 gsm communication flowCall flow oma000003 gsm communication flow
Call flow oma000003 gsm communication flow
 
fdocuments.net_gsm-call-flows-5584455b2833e.ppt
fdocuments.net_gsm-call-flows-5584455b2833e.pptfdocuments.net_gsm-call-flows-5584455b2833e.ppt
fdocuments.net_gsm-call-flows-5584455b2833e.ppt
 
Kumar gunjan 20160213 mobile communication security
Kumar gunjan 20160213 mobile communication securityKumar gunjan 20160213 mobile communication security
Kumar gunjan 20160213 mobile communication security
 
Gsm
GsmGsm
Gsm
 
Gsm
GsmGsm
Gsm
 
Gsm training
Gsm trainingGsm training
Gsm training
 
395273802-GSM-Signaling.pdf
395273802-GSM-Signaling.pdf395273802-GSM-Signaling.pdf
395273802-GSM-Signaling.pdf
 
gsm operation
gsm operationgsm operation
gsm operation
 
Intelegent network.ppt
Intelegent network.pptIntelegent network.ppt
Intelegent network.ppt
 
Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)
 
Switching systems lecture7
Switching systems lecture7Switching systems lecture7
Switching systems lecture7
 
Introducing to LAC-CI
Introducing to LAC-CIIntroducing to LAC-CI
Introducing to LAC-CI
 
Gsm architecture and call flow
Gsm architecture and call flowGsm architecture and call flow
Gsm architecture and call flow
 
Telecom Security
Telecom SecurityTelecom Security
Telecom Security
 
Gsm overview
Gsm overviewGsm overview
Gsm overview
 
02 gsm hscsd_gprs
02 gsm hscsd_gprs02 gsm hscsd_gprs
02 gsm hscsd_gprs
 
Basic gsm principles
Basic gsm principlesBasic gsm principles
Basic gsm principles
 
PLNOG 9: Piotr Wojciechowski - Multicast Security
PLNOG 9: Piotr Wojciechowski - Multicast Security PLNOG 9: Piotr Wojciechowski - Multicast Security
PLNOG 9: Piotr Wojciechowski - Multicast Security
 
Ussd call back or UCB
Ussd call back or UCBUssd call back or UCB
Ussd call back or UCB
 
Gsm architecture
Gsm architectureGsm architecture
Gsm architecture
 

More from Positive Hack Days

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesPositive Hack Days
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerPositive Hack Days
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesPositive Hack Days
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikPositive Hack Days
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQubePositive Hack Days
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityPositive Hack Days
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Positive Hack Days
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для ApproofPositive Hack Days
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Positive Hack Days
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложенийPositive Hack Days
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложенийPositive Hack Days
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application SecurityPositive Hack Days
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летPositive Hack Days
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиPositive Hack Days
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОPositive Hack Days
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке СиPositive Hack Days
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CorePositive Hack Days
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опытPositive Hack Days
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterPositive Hack Days
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиPositive Hack Days
 

More from Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release Notes
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows Docker
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive Technologies
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + Qlik
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQube
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps Community
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для Approof
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложений
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложений
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application Security
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 лет
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на грабли
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПО
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке Си
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опыт
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services Center
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атаки
 

Recently uploaded

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

Recently uploaded (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

How to Intercept a Conversation Held on the Other Side of the Planet