SlideShare uma empresa Scribd logo

Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities

Siddharth Rao
Siddharth Rao
Tecnologia
1 de 20
Baixar para ler offline
1 © Nokia Solutions and Networks 2015 Check_IMEI Misusage Siddharth Rao / Silke Holtmanns / Ian Oliver / Tuomas Aura 21-08-2015 Public
2 © Nokia Solutions and Networks 2015 Agenda Public • Background of SS7 attacks • Normal Check_IMEI procedure • Assumptions • Attack scenario description • Summary
3 © Nokia Solutions and Networks 2015 • Telecommunication systems are vulnerable. • Recent attacks • Locate • Trace/intercept • Manipulate Frauds Illegitimate activities • Core network Protocol • Signaling System #7 Public Motivation
4 © Nokia Solutions and Networks 2015 • Protocol foundation to enable roaming. • Call establishment , management and release. • Short Message Services (SMS). • Supplementary services. • Toll free numbers. • Tele-voting. • Enhanced Message Services (EMS). • Local Number Portability (LNP). Signaling System #7 Public
5 © Nokia Solutions and Networks 2015 Public SS7 Attacks timeline
6 © Nokia Solutions and Networks 2015 Public SS7 Attacks impact
7 © Nokia Solutions and Networks 2015 Public Unblocking stolen mobile devices using SS7-MAP vulnerabilities Exploiting the relationship between IMEI and IMSI for EIR access - Siddharth Rao, Dr. Silke Holtmanns, Dr. Ian Oliver, Dr Tuomas Aura
8 © Nokia Solutions and Networks 2015 Public Normal IMEI (device ID) Check procedure
9 © Nokia Solutions and Networks 2015 Public CheckIMEI ASN Structure Contains only IMEI.
10 © Nokia Solutions and Networks 2015 • Attacker has a stolen phone which is blacklisted and he knows the IMSI (Subsriber id) which was associated with it while blocking or last use by the victim. The attacker does not need to have the original SIM as it is sufficient to have just the IMSI. • Attacker has access to SS7 network. • The Global Title (GT, “SS7 name of a node”) of the Equipment Identity Register (EIR) is required. • Mobile Switching Center (MSC) GT might be needed (depending on operator configuration). • Feature and IMSI check options are enabled. Public Assumptions
11 © Nokia Solutions and Networks 2015 Users loose their phones and find it again, easy ”recovery” in EIR wanted  MSC sends IMEI (device id) along with IMSI (subscriber id) during MAP_CHECK_IMEI.  Initially the IMEI is checked to know the list it belongs to. If it is found on the black list, an additional check of IMSI is made. If there is a match between IMSI provisioned with IMEI in the EIR database (This is the IMSI-IMEI pair in the EIR before the victim blocks his stolen device.) with the IMSI found in MAP_CHECK_IMEI message then this overrides the blacklist condition.  Phone no longer blacklisted. Public Feature
12 © Nokia Solutions and Networks 2015 Public Attack Scenario
13 © Nokia Solutions and Networks 2015 Public CheckIMEI ASN Structure Contains IMEI and IMSI !!!!
14 © Nokia Solutions and Networks 2015 1. A CHECK_IMEI* is received with IMEI = 12345678901234, and IMSI = 495867256894125. 2. An individual IMEI match is found indicating that the IMEI is on the Black List. 3. Normally required response would be Black Listed, however; because an IMSI is present in the message, and the IMEI is on the Black List, the IMSI is compared to the IMSI entry in the database for this IMEI. 4. In this case, the IMSI in the RTDB matches the IMSI in the query, thus the Black Listed condition is cancelled/overridden. 5. EIR formulates a CHECK_IMEI* response with Equipment Status = 0 whiteListed. Public Example
15 © Nokia Solutions and Networks 2015 • Stolen phones would have much higher value, if they are not blacklisted and can be sold via ebay or simlar means. Why should somebody do this? Public Source: http://www.wired.com/2014/12/where-stolen-smart-phones-go/ • 1 in 10 smart-phone owners are the victims of phone theft. • In United States, 113 phones per minute are stolen or lost.  $7 million worth of smart phones on a daily basis.
16 © Nokia Solutions and Networks 2015 Public EIR Coverage Source: Farrell, G. (2015). Preventing phone theft and robbery: the need for government action and international coordination. Crime Science, 4(1), 1-11.
17 © Nokia Solutions and Networks 2015 • Attack has not been observed in real networks. • Research was done on protocol level and publicly available information. • Not all EIRs affected. • Business case exist for the attack. • Easy to add ”Check_IMEI*” to the filter list of network internal messages to stop this kind of attack before it appears in real. Public Summary
18 © Nokia Solutions and Networks 2015 THANK YOU Public Contact: siddharth.rao@aalto.fi
19 © Nokia Solutions and Networks 2015 Public
20 © Nokia Solutions and Networks 2015 Public Copyright and confidentiality The contents of this document are proprietary and confidential property of Nokia Solutions and Networks. This document is provided subject to confidentiality obligations of the applicable agreement(s). This document is intended for use of Nokia Solutions and Networks customers and collaborators only for the purpose for which this document is submitted by Nokia Solution and Networks. No part of this document may be reproduced or made available to the public or to any third party in any form or means without the prior written permission of Nokia Solutions and Networks. This document is to be used by properly trained professional personnel. Any use of the contents in this document is limited strictly to the use(s) specifically created in the applicable agreement(s) under which the document is submitted. The user of this document may voluntarily provide suggestions, comments or other feedback to Nokia Solutions and Networks in respect of the contents of this document ("Feedback"). Such Feedback may be used in Nokia Solutions and Networks products and related specifications or other documentation. Accordingly, if the user of this document gives Nokia Solutions and Networks Feedback on the contents of this document, Nokia Solutions and Networks may freely use, disclose, reproduce, license, distribute and otherwise commercialize the feedback in any Nokia Solutions and Networks product, technology, service, specification or other documentation. Nokia Solutions and Networks operates a policy of ongoing development. Nokia Solutions and Networks reserves the right to make changes and improvements to any of the products and/or services described in this document or withdraw this document at any time without prior notice. The contents of this document are provided "as is". Except as required by applicable law, no warranties of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose, are made in relation to the accuracy, reliability or contents of this document. NOKIA SOLUTIONS AND NETWORKS SHALL NOT BE RESPONSIBLE IN ANY EVENT FOR ERRORS IN THIS DOCUMENT or for any loss of data or income or any special, incidental, consequential, indirect or direct damages howsoever caused, that might arise from the use of this document or any contents of this document. This document and the product(s) it describes are protected by copyright according to the applicable laws. Nokia is a registered trademark of Nokia Corporation. Other product and company names mentioned herein may be trademarks or trade names of their respective owners. © Nokia Solutions and Networks 2015

Recomendados

Attacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsAttacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsPositiveTechnologies
 
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...Alejandro Corletti Estrada
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetPositive Hack Days
 
3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdf3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdfAbubakar416712
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisP1Security
 
Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...DefCamp
 
Signaling security essentials. Ready, steady, 5G!
Signaling security essentials. Ready, steady, 5G! Signaling security essentials. Ready, steady, 5G!
Signaling security essentials. Ready, steady, 5G!PositiveTechnologies
 
Attacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeAttacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeP1Security
 

Recomendados

Attacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsAttacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsPositiveTechnologies
 
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...Alejandro Corletti Estrada
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetPositive Hack Days
 
3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdf3GPP_Overall_Architecture_and_Specifications.pdf
3GPP_Overall_Architecture_and_Specifications.pdfAbubakar416712
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisP1Security
 
Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...DefCamp
 
Signaling security essentials. Ready, steady, 5G!
Signaling security essentials. Ready, steady, 5G! Signaling security essentials. Ready, steady, 5G!
Signaling security essentials. Ready, steady, 5G!PositiveTechnologies
 
Attacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeAttacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeP1Security
 
Telecom incidents investigation: daily work behind the scenes
Telecom incidents investigation: daily work behind the scenesTelecom incidents investigation: daily work behind the scenes
Telecom incidents investigation: daily work behind the scenesPositiveTechnologies
 
Simjacker: how to protect your network from the latest hot vulnerability
Simjacker: how to protect your network from the latest hot vulnerabilitySimjacker: how to protect your network from the latest hot vulnerability
Simjacker: how to protect your network from the latest hot vulnerabilityPositiveTechnologies
 
Understanding Telecom SIM and USIM/ISIM for LTE
Understanding Telecom SIM and USIM/ISIM for LTEUnderstanding Telecom SIM and USIM/ISIM for LTE
Understanding Telecom SIM and USIM/ISIM for LTEntel
 
IP Multimedia Subsystem architecture overview
IP Multimedia Subsystem architecture overviewIP Multimedia Subsystem architecture overview
IP Multimedia Subsystem architecture overviewNarasimham Settipalli
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX networkAlexandre De Oliveira
 
Creating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case studyCreating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case studyPositiveTechnologies
 
Telecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasuresTelecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasuresPositiveTechnologies
 
ss7 and M3UA
ss7 and M3UAss7 and M3UA
ss7 and M3UAEng Ahmed Bakaal
 
Worldwide attacks on SS7 network
Worldwide attacks on SS7 networkWorldwide attacks on SS7 network
Worldwide attacks on SS7 networkAlexandre De Oliveira
 
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondSS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondPositiveTechnologies
 
Druid - Latest Case Studies & Use Cases_08.07.20
Druid - Latest Case Studies & Use Cases_08.07.20Druid - Latest Case Studies & Use Cases_08.07.20
Druid - Latest Case Studies & Use Cases_08.07.20Druid Software
 
SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.3G4G
 
SS7 Vulnerabilities
SS7 VulnerabilitiesSS7 Vulnerabilities
SS7 VulnerabilitiesPositiveTechnologies
 
IIJmio meeting 10 端末の動作確認(後編)
IIJmio meeting 10 端末の動作確認(後編)IIJmio meeting 10 端末の動作確認(後編)
IIJmio meeting 10 端末の動作確認(後編)techlog (Internet Initiative Japan Inc.)
 
Introduction to Diameter Protocol - Part1
Introduction to Diameter Protocol - Part1Introduction to Diameter Protocol - Part1
Introduction to Diameter Protocol - Part1Basim Aly (JNCIP-SP, JNCIP-ENT)
 
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection SystemLuca Bongiorni
 
EPG PGW SAPC SACC PISC Configuration
EPG PGW SAPC SACC PISC ConfigurationEPG PGW SAPC SACC PISC Configuration
EPG PGW SAPC SACC PISC ConfigurationMustafa Golam
 
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksSecurity in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksNaveen Kumar
 
Positive approach to security of Core networks
Positive approach to security of Core networksPositive approach to security of Core networks
Positive approach to security of Core networksPositiveTechnologies
 
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...Ryuichi Yasunaga
 
Cybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentCybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentHamilton Turner
 
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionEnclaveSecurity
 

Mais conteúdo relacionado

Mais procurados

Telecom incidents investigation: daily work behind the scenes
Telecom incidents investigation: daily work behind the scenesTelecom incidents investigation: daily work behind the scenes
Telecom incidents investigation: daily work behind the scenesPositiveTechnologies
 
Simjacker: how to protect your network from the latest hot vulnerability
Simjacker: how to protect your network from the latest hot vulnerabilitySimjacker: how to protect your network from the latest hot vulnerability
Simjacker: how to protect your network from the latest hot vulnerabilityPositiveTechnologies
 
Understanding Telecom SIM and USIM/ISIM for LTE
Understanding Telecom SIM and USIM/ISIM for LTEUnderstanding Telecom SIM and USIM/ISIM for LTE
Understanding Telecom SIM and USIM/ISIM for LTEntel
 
IP Multimedia Subsystem architecture overview
IP Multimedia Subsystem architecture overviewIP Multimedia Subsystem architecture overview
IP Multimedia Subsystem architecture overviewNarasimham Settipalli
 
Creating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case studyCreating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case studyPositiveTechnologies
 
Telecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasuresTelecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasuresPositiveTechnologies
 
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondSS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondPositiveTechnologies
 
Druid - Latest Case Studies & Use Cases_08.07.20
Druid - Latest Case Studies & Use Cases_08.07.20Druid - Latest Case Studies & Use Cases_08.07.20
Druid - Latest Case Studies & Use Cases_08.07.20Druid Software
 
SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.3G4G
 
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection SystemLuca Bongiorni
 
EPG PGW SAPC SACC PISC Configuration
EPG PGW SAPC SACC PISC ConfigurationEPG PGW SAPC SACC PISC Configuration
EPG PGW SAPC SACC PISC ConfigurationMustafa Golam
 
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksSecurity in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksNaveen Kumar
 
Positive approach to security of Core networks
Positive approach to security of Core networksPositive approach to security of Core networks
Positive approach to security of Core networksPositiveTechnologies
 
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...Ryuichi Yasunaga
 

Mais procurados (20)

Telecom incidents investigation: daily work behind the scenes
Telecom incidents investigation: daily work behind the scenesTelecom incidents investigation: daily work behind the scenes
Telecom incidents investigation: daily work behind the scenes
 
Simjacker: how to protect your network from the latest hot vulnerability
Simjacker: how to protect your network from the latest hot vulnerabilitySimjacker: how to protect your network from the latest hot vulnerability
Simjacker: how to protect your network from the latest hot vulnerability
 
Understanding Telecom SIM and USIM/ISIM for LTE
Understanding Telecom SIM and USIM/ISIM for LTEUnderstanding Telecom SIM and USIM/ISIM for LTE
Understanding Telecom SIM and USIM/ISIM for LTE
 
IP Multimedia Subsystem architecture overview
IP Multimedia Subsystem architecture overviewIP Multimedia Subsystem architecture overview
IP Multimedia Subsystem architecture overview
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX network
 
Creating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case studyCreating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case study
 
Telecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasuresTelecom under attack: demo of fraud scenarios and countermeasures
Telecom under attack: demo of fraud scenarios and countermeasures
 
ss7 and M3UA
ss7 and M3UAss7 and M3UA
ss7 and M3UA
 
Worldwide attacks on SS7 network
Worldwide attacks on SS7 networkWorldwide attacks on SS7 network
Worldwide attacks on SS7 network
 
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondSS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
 
Druid - Latest Case Studies & Use Cases_08.07.20
Druid - Latest Case Studies & Use Cases_08.07.20Druid - Latest Case Studies & Use Cases_08.07.20
Druid - Latest Case Studies & Use Cases_08.07.20
 
SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.
 
SS7 Vulnerabilities
SS7 VulnerabilitiesSS7 Vulnerabilities
SS7 Vulnerabilities
 
IIJmio meeting 10 端末の動作確認(後編)
IIJmio meeting 10 端末の動作確認(後編)IIJmio meeting 10 端末の動作確認(後編)
IIJmio meeting 10 端末の動作確認(後編)
 
Introduction to Diameter Protocol - Part1
Introduction to Diameter Protocol - Part1Introduction to Diameter Protocol - Part1
Introduction to Diameter Protocol - Part1
 
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
 
EPG PGW SAPC SACC PISC Configuration
EPG PGW SAPC SACC PISC ConfigurationEPG PGW SAPC SACC PISC Configuration
EPG PGW SAPC SACC PISC Configuration
 
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksSecurity in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) Networks
 
Positive approach to security of Core networks
Positive approach to security of Core networksPositive approach to security of Core networks
Positive approach to security of Core networks
 
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...
3GPP 5G NSA Detailed explanation 2(EN-DC SgNB additional call flow include LT...
 

Semelhante a Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities

Cybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentCybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentHamilton Turner
 
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionEnclaveSecurity
 
Appsecurity, win or loose
Appsecurity, win or looseAppsecurity, win or loose
Appsecurity, win or looseBjørn Sloth
 
Mobisheild sales promotion presentation.
Mobisheild sales promotion presentation.Mobisheild sales promotion presentation.
Mobisheild sales promotion presentation.Arijit Ghosh
 
Frost & Sullivan The New Mobility: How Mobile Applications and Devices are Ch...
Frost & Sullivan The New Mobility: How Mobile Applications and Devices are Ch...Frost & Sullivan The New Mobility: How Mobile Applications and Devices are Ch...
Frost & Sullivan The New Mobility: How Mobile Applications and Devices are Ch...NetMotion Wireless
 
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...Pôle Systematic Paris-Region
 
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdfSecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdfSecurity Gen
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainWhy You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainEC-Council
 
Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020tmbainjr131
 
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefGovernment-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefJonathan Reyes
 
Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Otherbradley_g
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile ApplicationsDenim Group
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeArnold Antoo
 
Mobility - Expect Connectivity Anywhere, Anytime
Mobility - Expect Connectivity Anywhere, AnytimeMobility - Expect Connectivity Anywhere, Anytime
Mobility - Expect Connectivity Anywhere, AnytimeAlcatel-Lucent Enterprise
 
Secur Digital Presentation 22jul10 Frm Show
Secur Digital Presentation 22jul10 Frm ShowSecur Digital Presentation 22jul10 Frm Show
Secur Digital Presentation 22jul10 Frm Showfmitchell
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksIBM Security
 
Cyber Security Education Materials.pptx
Cyber Security Education Materials.pptxCyber Security Education Materials.pptx
Cyber Security Education Materials.pptxbentidiane21
 
2016 Public Safety Vision Strategy Direction - Avaya
2016 Public Safety Vision Strategy Direction - Avaya2016 Public Safety Vision Strategy Direction - Avaya
2016 Public Safety Vision Strategy Direction - AvayaMark Fletcher, ENP
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec
 
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...Cellebrite
 

Semelhante a Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities (20)

Cybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentCybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile Environment
 
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protection
 
Appsecurity, win or loose
Appsecurity, win or looseAppsecurity, win or loose
Appsecurity, win or loose
 
Mobisheild sales promotion presentation.
Mobisheild sales promotion presentation.Mobisheild sales promotion presentation.
Mobisheild sales promotion presentation.
 
Frost & Sullivan The New Mobility: How Mobile Applications and Devices are Ch...
Frost & Sullivan The New Mobility: How Mobile Applications and Devices are Ch...Frost & Sullivan The New Mobility: How Mobile Applications and Devices are Ch...
Frost & Sullivan The New Mobility: How Mobile Applications and Devices are Ch...
 
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
OSIS18_IoT : Securisation du reseau des objets connectes, par Nicolas LE SAUZ...
 
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdfSecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
SecurityGen-VoLTE-article-What's-wrong-with-fast-VoLTE-deployments.pdf
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainWhy You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
 
Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020
 
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefGovernment-ForeScout-Solution-Brief
Government-ForeScout-Solution-Brief
 
Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile Applications
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital Age
 
Mobility - Expect Connectivity Anywhere, Anytime
Mobility - Expect Connectivity Anywhere, AnytimeMobility - Expect Connectivity Anywhere, Anytime
Mobility - Expect Connectivity Anywhere, Anytime
 
Secur Digital Presentation 22jul10 Frm Show
Secur Digital Presentation 22jul10 Frm ShowSecur Digital Presentation 22jul10 Frm Show
Secur Digital Presentation 22jul10 Frm Show
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
 
Cyber Security Education Materials.pptx
Cyber Security Education Materials.pptxCyber Security Education Materials.pptx
Cyber Security Education Materials.pptx
 
2016 Public Safety Vision Strategy Direction - Avaya
2016 Public Safety Vision Strategy Direction - Avaya2016 Public Safety Vision Strategy Direction - Avaya
2016 Public Safety Vision Strategy Direction - Avaya
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
 

Último

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Último (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities

  • 1. 1 © Nokia Solutions and Networks 2015 Check_IMEI Misusage Siddharth Rao / Silke Holtmanns / Ian Oliver / Tuomas Aura 21-08-2015 Public
  • 2. 2 © Nokia Solutions and Networks 2015 Agenda Public • Background of SS7 attacks • Normal Check_IMEI procedure • Assumptions • Attack scenario description • Summary
  • 3. 3 © Nokia Solutions and Networks 2015 • Telecommunication systems are vulnerable. • Recent attacks • Locate • Trace/intercept • Manipulate Frauds Illegitimate activities • Core network Protocol • Signaling System #7 Public Motivation
  • 4. 4 © Nokia Solutions and Networks 2015 • Protocol foundation to enable roaming. • Call establishment , management and release. • Short Message Services (SMS). • Supplementary services. • Toll free numbers. • Tele-voting. • Enhanced Message Services (EMS). • Local Number Portability (LNP). Signaling System #7 Public
  • 5. 5 © Nokia Solutions and Networks 2015 Public SS7 Attacks timeline
  • 6. 6 © Nokia Solutions and Networks 2015 Public SS7 Attacks impact
  • 7. 7 © Nokia Solutions and Networks 2015 Public Unblocking stolen mobile devices using SS7-MAP vulnerabilities Exploiting the relationship between IMEI and IMSI for EIR access - Siddharth Rao, Dr. Silke Holtmanns, Dr. Ian Oliver, Dr Tuomas Aura
  • 8. 8 © Nokia Solutions and Networks 2015 Public Normal IMEI (device ID) Check procedure
  • 9. 9 © Nokia Solutions and Networks 2015 Public CheckIMEI ASN Structure Contains only IMEI.
  • 10. 10 © Nokia Solutions and Networks 2015 • Attacker has a stolen phone which is blacklisted and he knows the IMSI (Subsriber id) which was associated with it while blocking or last use by the victim. The attacker does not need to have the original SIM as it is sufficient to have just the IMSI. • Attacker has access to SS7 network. • The Global Title (GT, “SS7 name of a node”) of the Equipment Identity Register (EIR) is required. • Mobile Switching Center (MSC) GT might be needed (depending on operator configuration). • Feature and IMSI check options are enabled. Public Assumptions
  • 11. 11 © Nokia Solutions and Networks 2015 Users loose their phones and find it again, easy ”recovery” in EIR wanted  MSC sends IMEI (device id) along with IMSI (subscriber id) during MAP_CHECK_IMEI.  Initially the IMEI is checked to know the list it belongs to. If it is found on the black list, an additional check of IMSI is made. If there is a match between IMSI provisioned with IMEI in the EIR database (This is the IMSI-IMEI pair in the EIR before the victim blocks his stolen device.) with the IMSI found in MAP_CHECK_IMEI message then this overrides the blacklist condition.  Phone no longer blacklisted. Public Feature
  • 12. 12 © Nokia Solutions and Networks 2015 Public Attack Scenario
  • 13. 13 © Nokia Solutions and Networks 2015 Public CheckIMEI ASN Structure Contains IMEI and IMSI !!!!
  • 14. 14 © Nokia Solutions and Networks 2015 1. A CHECK_IMEI* is received with IMEI = 12345678901234, and IMSI = 495867256894125. 2. An individual IMEI match is found indicating that the IMEI is on the Black List. 3. Normally required response would be Black Listed, however; because an IMSI is present in the message, and the IMEI is on the Black List, the IMSI is compared to the IMSI entry in the database for this IMEI. 4. In this case, the IMSI in the RTDB matches the IMSI in the query, thus the Black Listed condition is cancelled/overridden. 5. EIR formulates a CHECK_IMEI* response with Equipment Status = 0 whiteListed. Public Example
  • 15. 15 © Nokia Solutions and Networks 2015 • Stolen phones would have much higher value, if they are not blacklisted and can be sold via ebay or simlar means. Why should somebody do this? Public Source: http://www.wired.com/2014/12/where-stolen-smart-phones-go/ • 1 in 10 smart-phone owners are the victims of phone theft. • In United States, 113 phones per minute are stolen or lost.  $7 million worth of smart phones on a daily basis.
  • 16. 16 © Nokia Solutions and Networks 2015 Public EIR Coverage Source: Farrell, G. (2015). Preventing phone theft and robbery: the need for government action and international coordination. Crime Science, 4(1), 1-11.
  • 17. 17 © Nokia Solutions and Networks 2015 • Attack has not been observed in real networks. • Research was done on protocol level and publicly available information. • Not all EIRs affected. • Business case exist for the attack. • Easy to add ”Check_IMEI*” to the filter list of network internal messages to stop this kind of attack before it appears in real. Public Summary
  • 18. 18 © Nokia Solutions and Networks 2015 THANK YOU Public Contact: siddharth.rao@aalto.fi
  • 19. 19 © Nokia Solutions and Networks 2015 Public
  • 20. 20 © Nokia Solutions and Networks 2015 Public Copyright and confidentiality The contents of this document are proprietary and confidential property of Nokia Solutions and Networks. This document is provided subject to confidentiality obligations of the applicable agreement(s). This document is intended for use of Nokia Solutions and Networks customers and collaborators only for the purpose for which this document is submitted by Nokia Solution and Networks. No part of this document may be reproduced or made available to the public or to any third party in any form or means without the prior written permission of Nokia Solutions and Networks. This document is to be used by properly trained professional personnel. Any use of the contents in this document is limited strictly to the use(s) specifically created in the applicable agreement(s) under which the document is submitted. The user of this document may voluntarily provide suggestions, comments or other feedback to Nokia Solutions and Networks in respect of the contents of this document ("Feedback"). Such Feedback may be used in Nokia Solutions and Networks products and related specifications or other documentation. Accordingly, if the user of this document gives Nokia Solutions and Networks Feedback on the contents of this document, Nokia Solutions and Networks may freely use, disclose, reproduce, license, distribute and otherwise commercialize the feedback in any Nokia Solutions and Networks product, technology, service, specification or other documentation. Nokia Solutions and Networks operates a policy of ongoing development. Nokia Solutions and Networks reserves the right to make changes and improvements to any of the products and/or services described in this document or withdraw this document at any time without prior notice. The contents of this document are provided "as is". Except as required by applicable law, no warranties of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose, are made in relation to the accuracy, reliability or contents of this document. NOKIA SOLUTIONS AND NETWORKS SHALL NOT BE RESPONSIBLE IN ANY EVENT FOR ERRORS IN THIS DOCUMENT or for any loss of data or income or any special, incidental, consequential, indirect or direct damages howsoever caused, that might arise from the use of this document or any contents of this document. This document and the product(s) it describes are protected by copyright according to the applicable laws. Nokia is a registered trademark of Nokia Corporation. Other product and company names mentioned herein may be trademarks or trade names of their respective owners. © Nokia Solutions and Networks 2015