Crash course of Mobile (SS7) privacy and security
We will discuss the three main aspects related to mobile security: Interception, Geolocation, Denial of Service.

Usage Rights

© All Rights Reserved

Presentation Transcript

  • COVER: The Athens Affair. How some extremely smart hackers pulled off the most audacious cell-network break-in ever. By VASSILIS PREVELAKIS, DIOMIDIS SPINELLIS / JULY 2007. On 9 March 2005, a 38-year-old Greek electrical engineer named Costas Tsalikidis was found hanged in his Athens loft apartment, an apparent suicide. It would prove to be merely the first public news of a scandal that would roil Greece for months. The next day, the prime minister of Greece was told that his cellphone was being bugged, as were those of the mayor of Athens and at least 100 other high-ranking dignitaries, including an employee of the U.S. embassy [see sidebar "CEOs, MPs, & a PM."] The victims were customers of Athens-based Vodafone-Panafon, generally known as Vodafone Greece, the country's largest cellular service provider; Tsalikidis was in charge of network planning at the company. A connection seemed obvious. Given the list of people and their positions at the time of the tapping, we can only imagine the sensitive political and diplomatic discussions, high-stakes business deals, or even marital indiscretions that may have been routinely overheard and, quite possibly, recorded. Even before Tsalikidis's death, investigators had found rogue software installed on the Vodafone Greece phone network by parties unknown. Some extraordinarily knowledgeable people either penetrated the network from outside or subverted it from within, aided by an agent or mole. In either case, the software at the heart of the phone system, investigators later discovered, was reprogrammed with a finesse and sophistication rarely seen before or since. A study of the Athens affair, surely the most bizarre and embarrassing scandal ever to engulf a major cellphone service provider, sheds considerable light on the measures networks can and should take to reduce their vulnerability to hackers and moles. It's also a rare opportunity to get a glimpse of one of the most elusive of cybercrimes. Major network penetrations of any kind are exceedingly uncommon. They are hard to pull off, and equally hard to investigate. Even among major criminal infiltrations, the Athens affair stands out because it may have involved state secrets, and it targeted individuals—a combination that, if it had ever occurred before, was not disclosed publicly. The most notorious
    Monday, October 3, 2011
  • $ whoarewe • Arturo Filastò (@hellais) • The Tor Project • A Random GlobaLeaks Developer • I hack on stuff for fun and profit! • Jacob Appelbaum (@ioerror) • The Tor Project • I break bad software and build better alternatives • Understanding censorship
  • Once upon a time...
  • The 3 issues • Interception • Geolocation • Denial of Service
  • Interception • Can be lawful or unlawful • Tactical vs Non-Tactical
  • “Lawful Intercept”
  • What technologies can be intercepted? • GSM • CDMA • iDEN • Thuraya • BGAN/Inmarsat • VSAT
  • Who? • Law enforcement • National Secret Service • Foreign Secret Service • Large corporations • Outsourced intelligence service providers • Organized crime • Military organizations
  • Targets of Interception • A person • A medium (think wire tap) • A device (think rootkit) • Parametric • Keywords (sniffing for triggers) • Perimeter (area sniffing)
  • Why? • The architecture is designed for it • To suppress uprisings • To collect intelligence • To monitor behavior
  • How is this possible? • The security is outdated; take GSM... • No effort has been made to fix it • A5/1 is broken • A5/2 is purposefully broken • A5/3 is a bit better but not implemented (http://security.osmocom.org/trac/ticket/4)
  • IMSI catchers
  • Active IMSI catchers
  • More accessible • This equipment used to be very expensive • But with projects such as USRP and OsmocomBB this is no longer true
  • Passive GSM sniffers: [image] + [image] = Interception for $50
  • Geolocation • Where are you? • Various technologies give various levels of accuracy • SS7 (HLR, ATI) • Stingray and AmberJack
  • Location Tracking
  • Walled Garden • For accessing SS7 there used to be: • High costs • Strict peering agreements • Not designed with security in mind
  • The GSM network (diagram): subscriber → BTS → BSC → MSC/VLR → HLR → SMSC. Open-source counterparts shown: OsmocomBB (handset side), OpenBTS (BTS), OpenBSC (BSC/MSC/VLR). Entry points marked: APIs to the HLR, SMS injection.
  • Macro Area Geolocation • With network interrogations • Piggybacks on a feature used for SMS delivery • The level of detail goes from 1 km in cities to 200 km in rural areas
  • More detail is possible • Other privacy-invading queries exist • PSI, ATI • Reach a level of detail of ~100 m • Require stricter agreements with telcos • If you know where to ask... • ... you will get them • (that means if you have the $$$)
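The geolocation slides above describe two ways a subscriber is located over SS7: the routing lookup that precedes SMS delivery (sendRoutingInfoForSM, which hands back the IMSI and the serving MSC/VLR global title, enough for macro-area location) and the home-network interrogations PSI and ATI. The detection logic below is an added example, not code from the talk or from the Tor Project or GlobaLeaks: it runs two plausibility rules over signalling records at an operator's interconnect. The record format, the global titles (GTs), the home-network prefix and the 30-second delivery window are all constructed assumptions; only the MAP operation codes are the real values from 3GPP TS 29.002.

```python
"""Spotting SS7/MAP location probes in signalling records.

Added example, not from the talk. The record format, GTs, HOME_GT_PREFIX and
SRI_WINDOW are constructed assumptions; the MAP operation codes are the real
values from 3GPP TS 29.002.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# MAP operation codes (3GPP TS 29.002)
SRI_FOR_SM = 45      # sendRoutingInfoForSM: HLR returns IMSI + serving MSC/VLR GT
MT_FORWARD_SM = 44   # mt-forwardSM: the SMS delivery that normally follows SRI-SM
PSI = 70             # provideSubscriberInfo: VLR reports cell id / subscriber state
ATI = 71             # anyTimeInterrogation: asks the HLR where a subscriber is

# Assumptions: E.164 prefix shared by the home operator's own nodes, and the
# time an SMSC is given to deliver after asking where the subscriber is.
HOME_GT_PREFIX = "3933"
SRI_WINDOW = timedelta(seconds=30)

# Constructed records: <time> <calling GT> <called GT> <opcode> <MSISDN>
SAMPLE_LOG = """\
2011-10-03T10:00:01 3933000001 3933000010 45 393311111111
2011-10-03T10:00:02 3933000001 3933000020 44 393311111111
2011-10-03T10:05:00 4477000099 3933000010 45 393311111111
2011-10-03T10:06:30 3933000050 3933000010 71 393322222222
2011-10-03T10:07:00 4477000099 3933000020 70 393322222222
2011-10-03T10:07:05 4477000099 3933000010 71 393322222222
2011-10-03T10:10:00 4412000005 3933000010 45 393333333333
2011-10-03T10:10:03 4412000005 3933000021 44 393333333333
"""


@dataclass
class Record:
    time: datetime
    calling_gt: str
    called_gt: str
    opcode: int
    msisdn: str


@dataclass
class Alert:
    time: datetime
    calling_gt: str
    msisdn: str
    opcode: int
    reason: str


def parse_log(text: str) -> List[Record]:
    """Parse whitespace-separated records, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, calling, called, op, msisdn = line.split()
        records.append(Record(datetime.fromisoformat(ts), calling, called,
                              int(op), msisdn))
    return records


def detect_probes(records: List[Record],
                  home_prefix: str = HOME_GT_PREFIX,
                  window: timedelta = SRI_WINDOW) -> List[Alert]:
    """Return alerts for two probe patterns seen at the interconnect.

    1. ATI or PSI arriving from a GT outside the home network: these
       operations are meant for the operator's own nodes, so a foreign
       origin is a location probe (assumed rule).
    2. SRI-SM from a GT that never sends an MT-ForwardSM for the same
       subscriber within `window`: the sender wanted the IMSI and the
       serving MSC, not to deliver an SMS (assumed rule).
    """
    deliveries = defaultdict(list)  # (calling GT, MSISDN) -> delivery times
    for r in records:
        if r.opcode == MT_FORWARD_SM:
            deliveries[(r.calling_gt, r.msisdn)].append(r.time)

    alerts = []
    for r in records:
        if r.opcode in (ATI, PSI) and not r.calling_gt.startswith(home_prefix):
            alerts.append(Alert(r.time, r.calling_gt, r.msisdn, r.opcode,
                                "home-network-only MAP op from foreign GT"))
        elif r.opcode == SRI_FOR_SM:
            followed = any(r.time <= t <= r.time + window
                           for t in deliveries[(r.calling_gt, r.msisdn)])
            if not followed:
                alerts.append(Alert(r.time, r.calling_gt, r.msisdn, r.opcode,
                                    "SRI-SM with no SMS delivery: IMSI/location probe"))
    return alerts


if __name__ == "__main__":
    for a in detect_probes(parse_log(SAMPLE_LOG)):
        print(f"{a.time.isoformat()} GT {a.calling_gt} op {a.opcode} "
              f"target {a.msisdn}: {a.reason}")
```

On the constructed log the foreign SMSC 4412000005 is not flagged, because its SRI-SM is followed by a delivery, while 4477000099 trips both rules. In a real deployment the second rule needs tuning for store-and-forward retries and for SMSCs that split lookup and delivery across different GTs, which is exactly why the talk's point stands: at the SS7 layer the lookup itself is indistinguishable from legitimate traffic unless the operator correlates it.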
  • Denial of Service • You just want to stop that person or those people communicating.
  • Jammers
  • Help! • Ok, so you have scared me. Now what should I do? • Be aware of patterns and realities • Use software on top of what is available: Tor, RedPhone, TextSecure, PrivateGSM, etc. • Avoid bad software, e.g. UltraSurf, SMS • Resist giving your ID for a SIM card! • If you are really worried about privacy and security, don't use mobile phones. • Until we create a free telco, we're doomed.
  • Thanks for listening! Any questions?