BSC/RNC
― Radio resources management
― Mobility
― User data encryption
OS: Windows, Linux
Services: RDP, SSH, MML/telnet
No patches
With defaults

Real life
― Too many devices
― Equal/weak passwords
― Default accounts

Operation support subsystem
― Web interface
― Client application

XML External Entity Injection
― “XML Data retrieval” by Yunusov and Osipov on
― Data retrieval
“All like it”
Example
― Request for OSS
― /etc/shadow in response

Go further
― Bruteforce hashes from /etc/shadow
― OSS access with administrative privileges
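
A defensive counterpart to the XXE slides above, added here and not part of the original deck: a request parser that refuses any DOCTYPE or entity declaration before it can be resolved. The function name, element names and sample requests are assumptions made for illustration; the OSS product's real request format is not shown on the slides.

```python
import xml.parsers.expat


class RejectedXML(ValueError):
    """Request refused because it carries DTD or entity constructs."""


# Constructed sample inputs (element names and the URI are placeholders).
BENIGN = b"<request><user>operator1</user><action>status</action></request>"
WITH_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE request [<!ENTITY x SYSTEM "file:///placeholder/path">]>'
    b"<request><user>&x;</user></request>"
)


def parse_oss_request(xml_bytes):
    """Return {element name: text}; raise RejectedXML on any DTD use."""
    parser = xml.parsers.expat.ParserCreate()
    fields, stack = {}, []

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        # An external entity must be declared in a DOCTYPE, so refusing
        # the DOCTYPE stops the request before any entity is resolved.
        raise RejectedXML("DOCTYPE declaration in request")

    def forbid_entity(*_args):
        raise RejectedXML("entity declaration in request")

    def start(name, _attrs):
        stack.append(name)
        fields.setdefault(name, "")

    def text(data):
        if stack:
            fields[stack[-1]] += data

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.StartElementHandler = start
    parser.EndElementHandler = lambda _name: stack.pop()
    parser.CharacterDataHandler = text
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedXML("malformed XML: %s" % exc) from exc
    return fields
```

Rejections are worth logging with the source address: a DOCTYPE in a request to an OSS web interface is rarely legitimate traffic.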
Operation support subsystem
― Are as vulnerable as other software
― Is there patch management?
Vulnerability detected
Fixes developed
Vulnerability and fixes issued
? ?
[Chart: Vulnerabilities by type: Denial of Service, Code Execution, Buffer Overflow, Memory Errors, SQL Injection, Cross-Site Scripting, Directory Traversal, Restriction Bypass, Information Disclosure, Privilege Escalation, Cross-Site Request Forgery]
Attacks on GGSN, something about GRX

Firewalling
― VPN for a corporate client
― ACL
― inspect
― ???

GRX. Basics
• Open for all providers
• High quality (QoS)
• All in IP – easy support for SIP, RTP, GTP, SMTP, SIGTRAN
• ….. something more
• Secure, it means fully separated from the Internet, both physically and logically.

GTP
― no embedded security functions
― no integrity
― no data encryption