Enviar pesquisa
Carregar
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
•
3 gostaram
•
2,773 visualizações
Siddharth Rao
Seguir
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 20
Baixar agora
Baixar para ler offline
Recomendados
Attacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOs
PositiveTechnologies
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Alejandro Corletti Estrada
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the Planet
Positive Hack Days
3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdf
Abubakar416712
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
P1Security
Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...
DefCamp
Signaling security essentials. Ready, steady, 5G!
Signaling security essentials. Ready, steady, 5G!
PositiveTechnologies
Attacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchange
P1Security
Recomendados
Attacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOs
PositiveTechnologies
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Alejandro Corletti Estrada
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the Planet
Positive Hack Days
3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdf
Abubakar416712
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
P1Security
Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...
DefCamp
Signaling security essentials. Ready, steady, 5G!
Signaling security essentials. Ready, steady, 5G!
PositiveTechnologies
Attacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchange
P1Security
Telecom incidents investigation: daily work behind the scenes
Telecom incidents investigation: daily work behind the scenes
PositiveTechnologies
Simjacker: how to protect your network from the latest hot vulnerability
Simjacker: how to protect your network from the latest hot vulnerability
PositiveTechnologies
Understanding Telecom SIM and USIM/ISIM for LTE
Understanding Telecom SIM and USIM/ISIM for LTE
ntel
IP Multimedia Subsystem architecture overview
IP Multimedia Subsystem architecture overview
Narasimham Settipalli
Assaulting diameter IPX network
Assaulting diameter IPX network
Alexandre De Oliveira
Creating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case study
PositiveTechnologies
Telecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasures
PositiveTechnologies
ss7 and M3UA
ss7 and M3UA
Eng Ahmed Bakaal
Worldwide attacks on SS7 network
Worldwide attacks on SS7 network
Alexandre De Oliveira
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
PositiveTechnologies
Druid - Latest Case Studies & Use Cases_08.07.20
Druid - Latest Case Studies & Use Cases_08.07.20
Druid Software
SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.
3G4G
SS7 Vulnerabilities
SS7 Vulnerabilities
PositiveTechnologies
IIJmio meeting 10 端末の動作確認(後編)
IIJmio meeting 10 端末の動作確認(後編)
techlog (Internet Initiative Japan Inc.)
Introduction to Diameter Protocol - Part1
Introduction to Diameter Protocol - Part1
Basim Aly (JNCIP-SP, JNCIP-ENT)
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
Luca Bongiorni
EPG PGW SAPC SACC PISC Configuration
EPG PGW SAPC SACC PISC Configuration
Mustafa Golam
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) Networks
Naveen Kumar
Positive approach to security of Core networks
Positive approach to security of Core networks
PositiveTechnologies
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...
Ryuichi Yasunaga
Cybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile Environment
Hamilton Turner
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protection
EnclaveSecurity
Mais conteúdo relacionado
Mais procurados
Telecom incidents investigation: daily work behind the scenes
Telecom incidents investigation: daily work behind the scenes
PositiveTechnologies
Simjacker: how to protect your network from the latest hot vulnerability
Simjacker: how to protect your network from the latest hot vulnerability
PositiveTechnologies
Understanding Telecom SIM and USIM/ISIM for LTE
Understanding Telecom SIM and USIM/ISIM for LTE
ntel
IP Multimedia Subsystem architecture overview
IP Multimedia Subsystem architecture overview
Narasimham Settipalli
Assaulting diameter IPX network
Assaulting diameter IPX network
Alexandre De Oliveira
Creating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case study
PositiveTechnologies
Telecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasures
PositiveTechnologies
ss7 and M3UA
ss7 and M3UA
Eng Ahmed Bakaal
Worldwide attacks on SS7 network
Worldwide attacks on SS7 network
Alexandre De Oliveira
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
PositiveTechnologies
Druid - Latest Case Studies & Use Cases_08.07.20
Druid - Latest Case Studies & Use Cases_08.07.20
Druid Software
SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.
3G4G
SS7 Vulnerabilities
SS7 Vulnerabilities
PositiveTechnologies
IIJmio meeting 10 端末の動作確認(後編)
IIJmio meeting 10 端末の動作確認(後編)
techlog (Internet Initiative Japan Inc.)
Introduction to Diameter Protocol - Part1
Introduction to Diameter Protocol - Part1
Basim Aly (JNCIP-SP, JNCIP-ENT)
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
Luca Bongiorni
EPG PGW SAPC SACC PISC Configuration
EPG PGW SAPC SACC PISC Configuration
Mustafa Golam
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) Networks
Naveen Kumar
Positive approach to security of Core networks
Positive approach to security of Core networks
PositiveTechnologies
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...
Ryuichi Yasunaga
Mais procurados
(20)
Telecom incidents investigation: daily work behind the scenes
Telecom incidents investigation: daily work behind the scenes
Simjacker: how to protect your network from the latest hot vulnerability
Simjacker: how to protect your network from the latest hot vulnerability
Understanding Telecom SIM and USIM/ISIM for LTE
Understanding Telecom SIM and USIM/ISIM for LTE
IP Multimedia Subsystem architecture overview
IP Multimedia Subsystem architecture overview
Assaulting diameter IPX network
Assaulting diameter IPX network
Creating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case study
Telecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasures
ss7 and M3UA
ss7 and M3UA
Worldwide attacks on SS7 network
Worldwide attacks on SS7 network
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
Druid - Latest Case Studies & Use Cases_08.07.20
Druid - Latest Case Studies & Use Cases_08.07.20
SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.
SS7 Vulnerabilities
SS7 Vulnerabilities
IIJmio meeting 10 端末の動作確認(後編)
IIJmio meeting 10 端末の動作確認(後編)
Introduction to Diameter Protocol - Part1
Introduction to Diameter Protocol - Part1
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
EPG PGW SAPC SACC PISC Configuration
EPG PGW SAPC SACC PISC Configuration
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) Networks
Positive approach to security of Core networks
Positive approach to security of Core networks
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...
Semelhante a Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Cybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile Environment
Hamilton Turner
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protection
EnclaveSecurity
Appsecurity, win or loose
Appsecurity, win or loose
Bjørn Sloth
Mobisheild sales promotion presentation.
Mobisheild sales promotion presentation.
Arijit Ghosh
Frost & Sullivan The New Mobility: How Mobile Applications and Devices are Ch...
Frost & Sullivan The New Mobility: How Mobile Applications and Devices are Ch...
NetMotion Wireless
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
Pôle Systematic Paris-Region
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
Security Gen
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
EC-Council
Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020
tmbainjr131
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-Brief
Jonathan Reyes
Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other
bradley_g
Developing Secure Mobile Applications
Developing Secure Mobile Applications
Denim Group
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital Age
Arnold Antoo
Mobility - Expect Connectivity Anywhere, Anytime
Mobility - Expect Connectivity Anywhere, Anytime
Alcatel-Lucent Enterprise
Secur Digital Presentation 22jul10 Frm Show
Secur Digital Presentation 22jul10 Frm Show
fmitchell
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
IBM Security
Cyber Security Education Materials.pptx
Cyber Security Education Materials.pptx
bentidiane21
2016 Public Safety Vision Strategy Direction - Avaya
2016 Public Safety Vision Strategy Direction - Avaya
Mark Fletcher, ENP
Symantec Mobile Security Webinar
Symantec Mobile Security Webinar
Symantec
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Cellebrite
Semelhante a Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
(20)
Cybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile Environment
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protection
Appsecurity, win or loose
Appsecurity, win or loose
Mobisheild sales promotion presentation.
Mobisheild sales promotion presentation.
Frost & Sullivan The New Mobility: How Mobile Applications and Devices are Ch...
Frost & Sullivan The New Mobility: How Mobile Applications and Devices are Ch...
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-Brief
Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other
Developing Secure Mobile Applications
Developing Secure Mobile Applications
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital Age
Mobility - Expect Connectivity Anywhere, Anytime
Mobility - Expect Connectivity Anywhere, Anytime
Secur Digital Presentation 22jul10 Frm Show
Secur Digital Presentation 22jul10 Frm Show
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
Cyber Security Education Materials.pptx
Cyber Security Education Materials.pptx
2016 Public Safety Vision Strategy Direction - Avaya
2016 Public Safety Vision Strategy Direction - Avaya
Symantec Mobile Security Webinar
Symantec Mobile Security Webinar
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Último
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
apidays
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
The Digital Insurer
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
Pixlogix Infotech
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Maria Levchenko
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
hans926745
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
hans926745
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
Boston Institute of Analytics
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Remote DBA Services
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
lior mazor
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
RTylerCroy
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Michael W. Hawkins
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
apidays
Último
(20)
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
1.
1 © Nokia
Solutions and Networks 2015 Check_IMEI Misusage Siddharth Rao / Silke Holtmanns / Ian Oliver / Tuomas Aura 21-08-2015 Public
2.
2 © Nokia
Solutions and Networks 2015 Agenda Public • Background of SS7 attacks • Normal Check_IMEI procedure • Assumptions • Attack scenario description • Summary
3.
3 © Nokia
Solutions and Networks 2015 • Telecommunication systems are vulnerable. • Recent attacks • Locate • Trace/intercept • Manipulate Frauds Illegitimate activities • Core network Protocol • Signaling System #7 Public Motivation
4.
4 © Nokia
Solutions and Networks 2015 • Protocol foundation to enable roaming. • Call establishment , management and release. • Short Message Services (SMS). • Supplementary services. • Toll free numbers. • Tele-voting. • Enhanced Message Services (EMS). • Local Number Portability (LNP). Signaling System #7 Public
5.
5 © Nokia
Solutions and Networks 2015 Public SS7 Attacks timeline
6.
6 © Nokia
Solutions and Networks 2015 Public SS7 Attacks impact
7.
7 © Nokia
Solutions and Networks 2015 Public Unblocking stolen mobile devices using SS7-MAP vulnerabilities Exploiting the relationship between IMEI and IMSI for EIR access - Siddharth Rao, Dr. Silke Holtmanns, Dr. Ian Oliver, Dr Tuomas Aura
8.
8 © Nokia
Solutions and Networks 2015 Public Normal IMEI (device ID) Check procedure
9.
9 © Nokia
Solutions and Networks 2015 Public CheckIMEI ASN Structure Contains only IMEI.
10.
10 © Nokia
Solutions and Networks 2015 • Attacker has a stolen phone which is blacklisted and he knows the IMSI (Subsriber id) which was associated with it while blocking or last use by the victim. The attacker does not need to have the original SIM as it is sufficient to have just the IMSI. • Attacker has access to SS7 network. • The Global Title (GT, “SS7 name of a node”) of the Equipment Identity Register (EIR) is required. • Mobile Switching Center (MSC) GT might be needed (depending on operator configuration). • Feature and IMSI check options are enabled. Public Assumptions
11.
11 © Nokia
Solutions and Networks 2015 Users loose their phones and find it again, easy ”recovery” in EIR wanted MSC sends IMEI (device id) along with IMSI (subscriber id) during MAP_CHECK_IMEI. Initially the IMEI is checked to know the list it belongs to. If it is found on the black list, an additional check of IMSI is made. If there is a match between IMSI provisioned with IMEI in the EIR database (This is the IMSI-IMEI pair in the EIR before the victim blocks his stolen device.) with the IMSI found in MAP_CHECK_IMEI message then this overrides the blacklist condition. Phone no longer blacklisted. Public Feature
12.
12 © Nokia
Solutions and Networks 2015 Public Attack Scenario
13.
13 © Nokia
Solutions and Networks 2015 Public CheckIMEI ASN Structure Contains IMEI and IMSI !!!!
14.
14 © Nokia
Solutions and Networks 2015 1. A CHECK_IMEI* is received with IMEI = 12345678901234, and IMSI = 495867256894125. 2. An individual IMEI match is found indicating that the IMEI is on the Black List. 3. Normally required response would be Black Listed, however; because an IMSI is present in the message, and the IMEI is on the Black List, the IMSI is compared to the IMSI entry in the database for this IMEI. 4. In this case, the IMSI in the RTDB matches the IMSI in the query, thus the Black Listed condition is cancelled/overridden. 5. EIR formulates a CHECK_IMEI* response with Equipment Status = 0 whiteListed. Public Example
15.
15 © Nokia
Solutions and Networks 2015 • Stolen phones would have much higher value, if they are not blacklisted and can be sold via ebay or simlar means. Why should somebody do this? Public Source: http://www.wired.com/2014/12/where-stolen-smart-phones-go/ • 1 in 10 smart-phone owners are the victims of phone theft. • In United States, 113 phones per minute are stolen or lost. $7 million worth of smart phones on a daily basis.
16.
16 © Nokia
Solutions and Networks 2015 Public EIR Coverage Source: Farrell, G. (2015). Preventing phone theft and robbery: the need for government action and international coordination. Crime Science, 4(1), 1-11.
17.
17 © Nokia
Solutions and Networks 2015 • Attack has not been observed in real networks. • Research was done on protocol level and publicly available information. • Not all EIRs affected. • Business case exist for the attack. • Easy to add ”Check_IMEI*” to the filter list of network internal messages to stop this kind of attack before it appears in real. Public Summary
18.
18 © Nokia
Solutions and Networks 2015 THANK YOU Public Contact: siddharth.rao@aalto.fi
19.
19 © Nokia
Solutions and Networks 2015 Public
20.
20 © Nokia
Solutions and Networks 2015 Public Copyright and confidentiality The contents of this document are proprietary and confidential property of Nokia Solutions and Networks. This document is provided subject to confidentiality obligations of the applicable agreement(s). This document is intended for use of Nokia Solutions and Networks customers and collaborators only for the purpose for which this document is submitted by Nokia Solution and Networks. No part of this document may be reproduced or made available to the public or to any third party in any form or means without the prior written permission of Nokia Solutions and Networks. This document is to be used by properly trained professional personnel. Any use of the contents in this document is limited strictly to the use(s) specifically created in the applicable agreement(s) under which the document is submitted. The user of this document may voluntarily provide suggestions, comments or other feedback to Nokia Solutions and Networks in respect of the contents of this document ("Feedback"). Such Feedback may be used in Nokia Solutions and Networks products and related specifications or other documentation. Accordingly, if the user of this document gives Nokia Solutions and Networks Feedback on the contents of this document, Nokia Solutions and Networks may freely use, disclose, reproduce, license, distribute and otherwise commercialize the feedback in any Nokia Solutions and Networks product, technology, service, specification or other documentation. Nokia Solutions and Networks operates a policy of ongoing development. Nokia Solutions and Networks reserves the right to make changes and improvements to any of the products and/or services described in this document or withdraw this document at any time without prior notice. The contents of this document are provided "as is". Except as required by applicable law, no warranties of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose, are made in relation to the accuracy, reliability or contents of this document. NOKIA SOLUTIONS AND NETWORKS SHALL NOT BE RESPONSIBLE IN ANY EVENT FOR ERRORS IN THIS DOCUMENT or for any loss of data or income or any special, incidental, consequential, indirect or direct damages howsoever caused, that might arise from the use of this document or any contents of this document. This document and the product(s) it describes are protected by copyright according to the applicable laws. Nokia is a registered trademark of Nokia Corporation. Other product and company names mentioned herein may be trademarks or trade names of their respective owners. © Nokia Solutions and Networks 2015
Baixar agora