SlideShare a Scribd company logo
1 of 25
Download to read offline
Department of Computer Science
WiFi-Based	IMSI	Catcher
Piers	O’Hanlon
Ravishankar Borgaonkar
Shakacon,	Honolulu,	12-13th July	2017
Overview
• What	is	an	IMSI?
• Conventional	IMSI	Catchers
• WiFi-based	IMSI	Catcher
• WiFi Network	Authentication	💣
• WiFi Calling	Authentication	💣
• Operator/Vendor/OS	Mitigations
• User	Mitigations
• Demo
What	is	an	IMSI?
• International	Mobile	Subscriber	Identity
• Globally	unique	identifier
• 15	digit	number	(MCountryCode+MNetCode+MSIdNum)
• e.g.	234123456789012
• Allows	for	[mutual]	authentication	of	a	device	to	the	network
• GSM/2G:	Only	using	SIM’s	secret	authentication	Key	(Ki)	
• 3/4G:	Using	Ki and	a	shared	Sequence	Number	(SQN)	
• Stored	in	two	places:
• In	the	‘SIM	Card’	(UICC/USIM)
• IMSI	is	accessible	in	a	read	only	section	of	the	U/SIM
• Secret	key	(Ki)	and	SQN	are	not	directly	readable
• At	the	Operator
• IMSI	indexes	Ki and	SQN	in	Operator’s	Database	(HSS/AuC)
• An	identifier	that	provides	for	tracking	of	devices
• There	are	others	like	WiFi/Bluetooth/NFC	Hardware	address	(e.g.	
MAC),	IMEI,	MSISDN	(Phone	number),	etc.
Conventional	IMSI	Catchers
• Typical	features
• Tracking:	IMSI/IMEI,	Location
• Interception:	Call/SMS/Data
• Operates	on	licensed	Mobile	Bands:	GSM/3G/4G
• Acts	as	a	fake	base	station	to	lure	nearby	mobile	devices
• Passive	- mainly	for	tracking	 (interception	when	no/weak	
ciphering)
• Active	– interception	and	tracking	
• Cost
• Commercial	solutions	expensive	(some	available	on	AliBaba..)
• But	now	possible	with	Laptop+SDR board
• Been	around	since	the	early	1990s
• Patented	in	Europe	in	1993
Techniques	in	Conventional	IMSI	
Catchers	
• Exploits	protocol	flaws	(no	
mutual	authentication..)
• Tracking	&	Interception
• Easily	available	to	buy	online
• Use	of	fake	base	station
• Exploits	architecture	issues	
(Base	station	>	UE..)
• Tracking	&	difficult	to	intercept	
traffic	w.r.t 2G	
• Commercial	products	usually	
downgrades
• Use	of	legitimate	base	station	
also	possible	
2G 3G/4G
http://www.epicos.com/EPCompanyProfileWeb/Content/Ability/EM_GSM.JPG http://edge.alluremedia.com.au/m/g/2016/05/nokia_ultra_compact_network.jpg
Protection	against	IMSI	Catchers
• IMSI-Catcher	detection
• App	based	(on	rooted	Android	devices)
• E.g.	Snoopsnitch,	Darshak
• Survey	based
• E.g.	SeaGlass Project	(U	Washington)
• No	protection	for	commercial	non-rooted	mobile	
devices
• Special	phones
• e.g.	Blackphone	
• Turn	off	cellular	connection	or	use	WiFi platform	for	
secure	calls/data??
WiFi-Based	IMSI	Catcher
• Features
• Tracking:	IMSI,	Location
• No	interception	(yet)
• Operates	in	unlicensed	(ISM)	Bands:	WiFi
• Range	- few	hundred	meters	– can	be	extended…
• Fake	Access	Points
• Redirect/Spoofs	mobile	packet	data	gateway
• Exploits	protocol	&	configuration	weaknesses
• Based	on	two	separate	techniques	[3GPP	TS33.234]
• WiFi Network	Authentication	(‘WLAN	direct	IP	access’)	
• WiFi-Calling	Authentication	(‘WLAN	3GPP	IP	access’)
• Cost
• Low:	Virtually	any	WiFi capable	computer
Mobile	network	Architecture
WiFi Network	attachment
• Unencrypted	WiFi access	points
• Captive	Portal	approaches
• Wireless	Internet	Service	Provider	roaming(WiSPr)	etc
• Normal	Encrypted	WiFi access	points
• Pre-shared	password/credentials
• ‘Auto	Connect’	Encrypted	WiFi APs	(802.1X)
• WiFi key	is	negotiated	without	user	intervention
• Based	on	credentials	in	the	USIM/UICC	(‘SIM	Card’)
• Controlled	by	operator	provided	configuration
• Automatic/pre-installed
• Manual	options
Automatic	configuration
• Some	Android	and	Windows	phones	automatically	
connect	based	on	SIM
• iOS	configures	phone	based	on	inserted	SIM
• Activates	an	operator	specific	.mobileconfig file
• Configures	a	range	of	operator	specific	options
• Including	a	list	of	802.1X	supported	WiFi SSIDs
• Our	analysis	of	iOS9	profiles	showed
• More	than	60	profiles	(44	countries)	for	802.1X	WiFi
• Containing	66	unique	SSIDS	plus	other	config
• =>	Phones	continuously	trying	to	silently	
automatically	authenticate
Manual	Configuration
• Some	Android	devices	require	initial	manual	
config
• After	which	it	automatically	connects
• Instructions	on	operator	websites
• Follow	simple	steps	to	set	up
• Android	provides	various	Carrier	controlled	
mechanisms
• Lollipop	(v5.1	MR1):	UICC	Carrier	Privileges
• Marshmallow	(v6.0):	Carrier	Configuration
• “Privileged	applications	to	provide	carrier-specific	
configuration	to	the	platform”
Automatic	WiFi Authentication
• Port	Based	Network	Access	Control	[IEEE	802.1X]
• Uses	Extensible	Authentication	Protocol	(EAP)	[RFC3748]	
over	LAN	(EAPOL)	over	WiFi
• Based	upon	two	EAP	Methods
• EAP-SIM	[RFC	4186]
• GSM	based	security	- Currently	most	widely	used
• EAP-AKA	[RFC	4187]
• 3G	based	security	- Being	deployed
• Support	in	Android,	iOS,	Windows	Mobile,	and	
Blackberry	devices
• We’ve	reported	the	issue	to	them	all	and	to	operators	&	
GSMA
• No	privacy	bounties	 😕
• Deployed	in	many	countries	– adoption	growing
EAP-SIM/AKA	Identities
• Three	basic	identity	types	for	authentication	
• Permanent-identity	(IMSI)
• Typically	used	initially	after	which	temporary	ids	are	used
• Pseudonym	identity
• A	pseudonym	for	the	IMSI	has	limited	lifetime
• Fast	reauthentication-identity
• Lower	overhead	re-attachment	after	initial	exchange
• Behaviour	affected	by	peer	policy
• “Liberal”	peer	- Current	default
• Responds	to	any	requests	for	permanent	identity
• “Conservative”	peer	– Future	deployment	option
• Only	respond	to	requests	for	permanent	identity	when	no	
Pseudonym	identity	available
EAP-SIM/AKA	transport	
• Basic	EAP	protocol	is	not	encrypted
• Currently	EAP-SIM/AKA	in	EAPOL	is	unencrypted
• Thus	IMSI	is	visible	(to	a	passive	attacker)	when	
permanent	identity	used	for	full	authentication	 😱
• Also	open	to	active	attacks	by	requesting	full	auth 😱
• WiFi Access	keys	not	compromised
• All	content	still	protected
• There	are	encrypted	tunnel	EAP	methods
• EAP-TTLSv0,	EAP-TLS…
• But	support	required	in	both	mobile	OS	and	operator
EAP-SIM/AKA	transport	
• Basic	EAP	protocol	is	not	encrypted
• Currently	EAP-SIM/AKA	in	EAPOL	is	unencrypted
• Thus	IMSI	is	visible	(to	a	passive	attacker)	when	
permanent	identity	used	for	full	authentication	 😱
• Also	open	to	active	attacks	by	requesting	full	auth 😱
• Problem	amplified	due	to	pre-configured	profiles	
• Mobile	devices	are	constantly	checking	for	pre-
configured	SSIDs	and	attempting	authentication
• WiFi Access	keys	not	compromised
• All	content	still	protected
WiFi-Calling	Connection
• Phone	connects	to	Edge	Packet	Data	Gateway	(EPDG)	
over	WiFi
• Voice	calls	over	WiFi
• Phone	connects	on	low/no	signal
• Also	connects	in	Airplane	mode	+	WiFi …
• Connection	to	EPDG	uses	IPsec
• Authenticates	using	Internet	Key	Exchange	Protocol	(IKEv2)
• Supported	on	iOS,	Android,	and	Windows	devices
• WiFi-Calling	available	in	a	number	of	countries
• The	issue	also	been	reported	to	OS	makers	and	Operators
IPsec	brief	overview
• Internet	Protocol	Security
• Confidentiality,	data	integrity,	access	control,	and	data	source	
authentication
• Recovery	from	transmission	errors:	packet	loss,	packet	replay,	and	
packet	forgery
• Authentication
• Authentication	Header	(AH)	- RFC	4302
• Confidentiality
• Encapsulating	Security	Payload	(ESP)	- RFC	4303
• Key	management
• Internet	Key	Exchange	v2	(IKEv2)	- RFC7296
• Two	modes
• Tunnel	- used	for	connection	to	Gateway	(EPDG)
• Transport
Internet	Key	Exchange	(IKEv2)
• Initiates	connection	in	two	phases
• IKE_SA_INIT
• Negotiate	cryptographic	algorithms,	exchange	nonces,	and	do	
a	Diffie-Hellman	exchange	
• IKE_AUTH
• Authenticate	the	previous	messages,	exchange	identities	(e.g.	
IMSI),	and	certificates,	and	establish	the	child	Security	
Association(s)	(SA)
• IKE_AUTH	uses	EAP-AKA
• IMSI	exchange	not	protected	by	a	certificate
• Open	to	Man-In-the-Middle	attacks	on	identity	(IMSI)	 😱
• IPsec	ESP	keys	are	not	compromised
• Call	content	still	safe
Operator/Vendor	Mitigations
• Deprecate	EAP-SIM	in	favour	of	EAP-AKA
• EAP-SIM	is	weaker	as	it	only	uses	GSM	triplets
• Deploy	EAP-AKA/SIM	with	conservative	peer	pseudonym
• Deploy	Certificate	based	approach
• Deploy	certificates	on	suitable	AAA	infrastructure
• Deploy	certificate	protected	tunnelled	EAP-AKA	for	WLAN	access
• E.g.	EAP-TTLS+EAP-AKA	on	802.1X
• Deploy	certificate	protected	IPsec/IKEv2	to	EPDG
• E.g.	EAP-TTLS+EAP-AKA	for	IKE_AUTH,	or	multiple	IKEv2	auth exchange
• (Re)investigate	other	potential	solutions
• IMSI	encryption	– 5G-ENSURE	project	has	proposed	an	‘enabler’
• E.g.	3GPPP	TD	S3-030081	– ‘Certificate-Based	Protection	of	IMSI	
for	EAP-SIM/AKA’
• Standards	bodies	should	re-evaluate	approaches
Mobile	OS	Mitigations
• Support	conservative	peer	for	EAP-AKA/SIM	
with	pseudonym	support
• Emerging	in	some	Oses (e.g.	iOS10)
• iOS10	has	conservative	peer	pseudonym	support	–
due	to	us	 😉
• Certificate	based	approach
• Support	for	EAP-TTLv0	+	EAP-AKA	in	IKEv2	&	EAPOL
• Other	approaches?
• Allow	for	more	user	choice	with	automatic	WiFi
network	access
• Preferably	allow	for	editing	of	all	stored	associations
User	Mitigation
• WiFi Network	Access	Control
• iOS
• Turn	off	‘Auto-Join’	toggle	for	Auto-WiFi networks
• Only	possible	when	network	in	range
• iOS10	may	provide	better	protection	(once	operators	deploy	
support)
• It	has	conservative	peer	pseudonym	support	
• Android
• ‘Forget’	Auto-WiFi profiles
• Depending	on	version	only	possible	when	network	in	range
• WiFi-Calling
• Android/iOS:	Selectively	disable	WiFi-Calling
• Switch	off	WiFi in	untrusted	environments
Summary
• Large	scale	IMSI	exposure	issues
• Poor	privacy	mandates	in	standards
• Widespread	device	pre-configuration	with	no	opt	out
• Need	better	privacy	testing	procedures
• Most	of	the	world’s	smartphones	affected
• Two	techniques	rely	upon	installed	operator	
automatic	configuration	for	these	popular	services
• We’ve	been	working	with	Operators/Vendors/	
OS	companies	to	fix	the	issue
• But	it’s	a	complex	issue
• EAP-AKA	is	now	starting	to	replace	EAP-SIM
Conclusions	&	Future	Work
• Investigating	other	uses	of	EAP-SIM/AKA
• Exploring	use	of	USIM	credentials	in	other	
WiFi based	protocols
• Continuing	work	in	5GENSURE.EU Project
Department of Computer Science
24
5G	ENSURE	receives	funding	from	the	EU	Framework	Programme for	
Research	and	Innovation	H2020	under	grant	agreement	No	671562	|	
Duration	November	2015	– October	2017
The	5G	Infrastructure	Public	Private	
Partnership	(SG	PPP)
5G	Enablers	for	network	and	system	security	and	resilience	
@5GEnsure
5G-ENSURE:	http://www.5gensure.eu
contact@5gensure.eu
Questions…

More Related Content

What's hot

SIP: Call Id, Cseq, Via-branch, From & To-tag role play
SIP: Call Id, Cseq, Via-branch, From & To-tag role playSIP: Call Id, Cseq, Via-branch, From & To-tag role play
SIP: Call Id, Cseq, Via-branch, From & To-tag role playSridhar Kumar N
 
Gsm security
Gsm securityGsm security
Gsm securityAli Kamil
 
Active directory
Active directory Active directory
Active directory deshvikas
 
Getting to the Edge – Exploring 4G/5G Cloud-RAN Deployable Solutions
Getting to the Edge – Exploring 4G/5G Cloud-RAN Deployable SolutionsGetting to the Edge – Exploring 4G/5G Cloud-RAN Deployable Solutions
Getting to the Edge – Exploring 4G/5G Cloud-RAN Deployable SolutionsRadisys Corporation
 
Session initiation protocol SIP
Session initiation protocol SIPSession initiation protocol SIP
Session initiation protocol SIPLaraib Khan
 
Gsm technology
Gsm technologyGsm technology
Gsm technologyggrajan46
 
CCNA Quality of Services (QoS)
CCNA Quality of Services (QoS)CCNA Quality of Services (QoS)
CCNA Quality of Services (QoS)Networkel
 
What is an SBC? A look at the role of the Session Border Controller
What is an SBC?  A look at the role of the Session Border ControllerWhat is an SBC?  A look at the role of the Session Border Controller
What is an SBC? A look at the role of the Session Border ControllerAlan Percy
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS ProtocolsPeter R. Egli
 
Gsm presentation shaikot
Gsm presentation shaikotGsm presentation shaikot
Gsm presentation shaikotsivakumar D
 
Insights on the Configuration and Performances of SOME/IP Service Discovery
Insights on the Configuration and Performances of SOME/IP Service DiscoveryInsights on the Configuration and Performances of SOME/IP Service Discovery
Insights on the Configuration and Performances of SOME/IP Service DiscoveryRealTime-at-Work (RTaW)
 

What's hot (20)

Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
 
Dns security
Dns securityDns security
Dns security
 
SIP: Call Id, Cseq, Via-branch, From & To-tag role play
SIP: Call Id, Cseq, Via-branch, From & To-tag role playSIP: Call Id, Cseq, Via-branch, From & To-tag role play
SIP: Call Id, Cseq, Via-branch, From & To-tag role play
 
Gsm security
Gsm securityGsm security
Gsm security
 
GSM Presentation
GSM PresentationGSM Presentation
GSM Presentation
 
DHCP
DHCPDHCP
DHCP
 
Active directory
Active directory Active directory
Active directory
 
Mobile ad-hoc network [autosaved]
Mobile ad-hoc network [autosaved]Mobile ad-hoc network [autosaved]
Mobile ad-hoc network [autosaved]
 
Getting to the Edge – Exploring 4G/5G Cloud-RAN Deployable Solutions
Getting to the Edge – Exploring 4G/5G Cloud-RAN Deployable SolutionsGetting to the Edge – Exploring 4G/5G Cloud-RAN Deployable Solutions
Getting to the Edge – Exploring 4G/5G Cloud-RAN Deployable Solutions
 
Catching IMSI Catchers
Catching IMSI CatchersCatching IMSI Catchers
Catching IMSI Catchers
 
Unit II -Mobile telecommunication systems
Unit II -Mobile telecommunication systemsUnit II -Mobile telecommunication systems
Unit II -Mobile telecommunication systems
 
Session initiation protocol SIP
Session initiation protocol SIPSession initiation protocol SIP
Session initiation protocol SIP
 
Gsm technology
Gsm technologyGsm technology
Gsm technology
 
CCNA Quality of Services (QoS)
CCNA Quality of Services (QoS)CCNA Quality of Services (QoS)
CCNA Quality of Services (QoS)
 
3GPP IMS
3GPP IMS3GPP IMS
3GPP IMS
 
What is an SBC? A look at the role of the Session Border Controller
What is an SBC?  A look at the role of the Session Border ControllerWhat is an SBC?  A look at the role of the Session Border Controller
What is an SBC? A look at the role of the Session Border Controller
 
Big data security
Big data securityBig data security
Big data security
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS Protocols
 
Gsm presentation shaikot
Gsm presentation shaikotGsm presentation shaikot
Gsm presentation shaikot
 
Insights on the Configuration and Performances of SOME/IP Service Discovery
Insights on the Configuration and Performances of SOME/IP Service DiscoveryInsights on the Configuration and Performances of SOME/IP Service Discovery
Insights on the Configuration and Performances of SOME/IP Service Discovery
 

Similar to WiFi-Based IMSI Catcher

WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor AuthenticationDilip Kr. Jangir
 
D2T2 - Bye Bye IMSI Catchers - Security Enhancements in 5g - Lin Huang.pdf
D2T2 - Bye Bye IMSI Catchers - Security Enhancements in 5g - Lin Huang.pdfD2T2 - Bye Bye IMSI Catchers - Security Enhancements in 5g - Lin Huang.pdf
D2T2 - Bye Bye IMSI Catchers - Security Enhancements in 5g - Lin Huang.pdff2po1
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsMaxim Salnikov
 
Authentication.Next
Authentication.NextAuthentication.Next
Authentication.NextMark Diodati
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Blueinfy Solutions
 
[CB16] BLE authentication design challenges on smartphone controlled IoT devi...
[CB16] BLE authentication design challenges on smartphone controlled IoT devi...[CB16] BLE authentication design challenges on smartphone controlled IoT devi...
[CB16] BLE authentication design challenges on smartphone controlled IoT devi...CODE BLUE
 
Smartphone security
Smartphone securitySmartphone security
Smartphone securityMike Brannon
 
2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_roomNCC Group
 
Creating secure apps using the salesforce mobile sdk
Creating secure apps using the salesforce mobile sdkCreating secure apps using the salesforce mobile sdk
Creating secure apps using the salesforce mobile sdkMartin Vigo
 
Psdot 19 four factor password authentication
Psdot 19 four factor password authenticationPsdot 19 four factor password authentication
Psdot 19 four factor password authenticationZTech Proje
 
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iCombat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iPrecisely
 
The Best Shield Against Ransomware for IBM i
The Best Shield Against Ransomware for IBM iThe Best Shield Against Ransomware for IBM i
The Best Shield Against Ransomware for IBM iPrecisely
 
Big data, Security, or Privacy in IoT: Choice is Yours
Big data, Security, or Privacy in IoT: Choice is YoursBig data, Security, or Privacy in IoT: Choice is Yours
Big data, Security, or Privacy in IoT: Choice is YoursDilum Bandara
 
Psdot 19 four factor password authentication
Psdot 19 four factor password authenticationPsdot 19 four factor password authentication
Psdot 19 four factor password authenticationZTech Proje
 
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...Priyanka Aash
 
Outsmarting the Smart City
Outsmarting the Smart CityOutsmarting the Smart City
Outsmarting the Smart CityPriyanka Aash
 

Similar to WiFi-Based IMSI Catcher (20)

OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014OWASP Mobile TOP 10 2014
OWASP Mobile TOP 10 2014
 
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor Authentication
 
D2T2 - Bye Bye IMSI Catchers - Security Enhancements in 5g - Lin Huang.pdf
D2T2 - Bye Bye IMSI Catchers - Security Enhancements in 5g - Lin Huang.pdfD2T2 - Bye Bye IMSI Catchers - Security Enhancements in 5g - Lin Huang.pdf
D2T2 - Bye Bye IMSI Catchers - Security Enhancements in 5g - Lin Huang.pdf
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
 
Authentication.Next
Authentication.NextAuthentication.Next
Authentication.Next
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
 
Hacking Mobile Apps
Hacking Mobile AppsHacking Mobile Apps
Hacking Mobile Apps
 
[CB16] BLE authentication design challenges on smartphone controlled IoT devi...
[CB16] BLE authentication design challenges on smartphone controlled IoT devi...[CB16] BLE authentication design challenges on smartphone controlled IoT devi...
[CB16] BLE authentication design challenges on smartphone controlled IoT devi...
 
Smartphone security
Smartphone securitySmartphone security
Smartphone security
 
2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room
 
Lect 6 computer forensics
Lect 6 computer forensicsLect 6 computer forensics
Lect 6 computer forensics
 
Creating secure apps using the salesforce mobile sdk
Creating secure apps using the salesforce mobile sdkCreating secure apps using the salesforce mobile sdk
Creating secure apps using the salesforce mobile sdk
 
Psdot 19 four factor password authentication
Psdot 19 four factor password authenticationPsdot 19 four factor password authentication
Psdot 19 four factor password authentication
 
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iCombat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
 
The Best Shield Against Ransomware for IBM i
The Best Shield Against Ransomware for IBM iThe Best Shield Against Ransomware for IBM i
The Best Shield Against Ransomware for IBM i
 
Big data, Security, or Privacy in IoT: Choice is Yours
Big data, Security, or Privacy in IoT: Choice is YoursBig data, Security, or Privacy in IoT: Choice is Yours
Big data, Security, or Privacy in IoT: Choice is Yours
 
Psdot 19 four factor password authentication
Psdot 19 four factor password authenticationPsdot 19 four factor password authentication
Psdot 19 four factor password authentication
 
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...
Outsmarting the Smart City: DISCOVERING AND ATTACKING THE TECHNOLOGY THAT RUN...
 
Outsmarting the Smart City
Outsmarting the Smart CityOutsmarting the Smart City
Outsmarting the Smart City
 

More from Shakacon

Web (dis)assembly
Web (dis)assemblyWeb (dis)assembly
Web (dis)assemblyShakacon
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can youShakacon
 
Cloud forensics putting the bits back together
Cloud forensics putting the bits back togetherCloud forensics putting the bits back together
Cloud forensics putting the bits back togetherShakacon
 
Pwned in Translation - from Subtitles to RCE
Pwned in Translation - from Subtitles to RCEPwned in Translation - from Subtitles to RCE
Pwned in Translation - from Subtitles to RCEShakacon
 
Oversight: Exposing spies on macOS
Oversight: Exposing spies on macOS Oversight: Exposing spies on macOS
Oversight: Exposing spies on macOS Shakacon
 
Modern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerModern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerShakacon
 
A Decompiler for Blackhain-Based Smart Contracts Bytecode
A Decompiler for Blackhain-Based Smart Contracts BytecodeA Decompiler for Blackhain-Based Smart Contracts Bytecode
A Decompiler for Blackhain-Based Smart Contracts BytecodeShakacon
 
Honey, I Stole Your C2 Server: A Dive into Attacker Infrastructure
Honey, I Stole Your C2 Server:  A Dive into Attacker InfrastructureHoney, I Stole Your C2 Server:  A Dive into Attacker Infrastructure
Honey, I Stole Your C2 Server: A Dive into Attacker InfrastructureShakacon
 
Dock ir incident response in a containerized, immutable, continually deploy...
Dock ir   incident response in a containerized, immutable, continually deploy...Dock ir   incident response in a containerized, immutable, continually deploy...
Dock ir incident response in a containerized, immutable, continually deploy...Shakacon
 
Reviewing the Security of ASoC Drivers in Android Kernel
Reviewing the Security of ASoC Drivers in Android KernelReviewing the Security of ASoC Drivers in Android Kernel
Reviewing the Security of ASoC Drivers in Android KernelShakacon
 
Silent Protest: A Wearable Protest Network
Silent Protest:  A Wearable Protest NetworkSilent Protest:  A Wearable Protest Network
Silent Protest: A Wearable Protest NetworkShakacon
 
Sad Panda Analysts: Devolving Malware
Sad Panda Analysts:  Devolving MalwareSad Panda Analysts:  Devolving Malware
Sad Panda Analysts: Devolving MalwareShakacon
 
reductio [ad absurdum]
reductio [ad absurdum]reductio [ad absurdum]
reductio [ad absurdum]Shakacon
 
XFLTReat: a new dimension in tunnelling
XFLTReat:  a new dimension in tunnellingXFLTReat:  a new dimension in tunnelling
XFLTReat: a new dimension in tunnellingShakacon
 
Windows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul RascagneresWindows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul RascagneresShakacon
 
When Encryption is Not Enough...Sumanth Naropanth, Chandra Prakash Gopalaiah ...
When Encryption is Not Enough...Sumanth Naropanth, Chandra Prakash Gopalaiah ...When Encryption is Not Enough...Sumanth Naropanth, Chandra Prakash Gopalaiah ...
When Encryption is Not Enough...Sumanth Naropanth, Chandra Prakash Gopalaiah ...Shakacon
 
The Search for the Perfect Door - Deviant Ollam
The Search for the Perfect Door - Deviant OllamThe Search for the Perfect Door - Deviant Ollam
The Search for the Perfect Door - Deviant OllamShakacon
 
Swift Reversing by Ryan Stortz
Swift Reversing by Ryan StortzSwift Reversing by Ryan Stortz
Swift Reversing by Ryan StortzShakacon
 

More from Shakacon (20)

Web (dis)assembly
Web (dis)assemblyWeb (dis)assembly
Web (dis)assembly
 
Macdoored
MacdooredMacdoored
Macdoored
 
I can be apple and so can you
I can be apple and so can youI can be apple and so can you
I can be apple and so can you
 
Cloud forensics putting the bits back together
Cloud forensics putting the bits back togetherCloud forensics putting the bits back together
Cloud forensics putting the bits back together
 
Pwned in Translation - from Subtitles to RCE
Pwned in Translation - from Subtitles to RCEPwned in Translation - from Subtitles to RCE
Pwned in Translation - from Subtitles to RCE
 
Oversight: Exposing spies on macOS
Oversight: Exposing spies on macOS Oversight: Exposing spies on macOS
Oversight: Exposing spies on macOS
 
Modern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerModern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layer
 
Shamoon
ShamoonShamoon
Shamoon
 
A Decompiler for Blackhain-Based Smart Contracts Bytecode
A Decompiler for Blackhain-Based Smart Contracts BytecodeA Decompiler for Blackhain-Based Smart Contracts Bytecode
A Decompiler for Blackhain-Based Smart Contracts Bytecode
 
Honey, I Stole Your C2 Server: A Dive into Attacker Infrastructure
Honey, I Stole Your C2 Server:  A Dive into Attacker InfrastructureHoney, I Stole Your C2 Server:  A Dive into Attacker Infrastructure
Honey, I Stole Your C2 Server: A Dive into Attacker Infrastructure
 
Dock ir incident response in a containerized, immutable, continually deploy...
Dock ir   incident response in a containerized, immutable, continually deploy...Dock ir   incident response in a containerized, immutable, continually deploy...
Dock ir incident response in a containerized, immutable, continually deploy...
 
Reviewing the Security of ASoC Drivers in Android Kernel
Reviewing the Security of ASoC Drivers in Android KernelReviewing the Security of ASoC Drivers in Android Kernel
Reviewing the Security of ASoC Drivers in Android Kernel
 
Silent Protest: A Wearable Protest Network
Silent Protest:  A Wearable Protest NetworkSilent Protest:  A Wearable Protest Network
Silent Protest: A Wearable Protest Network
 
Sad Panda Analysts: Devolving Malware
Sad Panda Analysts:  Devolving MalwareSad Panda Analysts:  Devolving Malware
Sad Panda Analysts: Devolving Malware
 
reductio [ad absurdum]
reductio [ad absurdum]reductio [ad absurdum]
reductio [ad absurdum]
 
XFLTReat: a new dimension in tunnelling
XFLTReat:  a new dimension in tunnellingXFLTReat:  a new dimension in tunnelling
XFLTReat: a new dimension in tunnelling
 
Windows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul RascagneresWindows Systems & Code Signing Protection by Paul Rascagneres
Windows Systems & Code Signing Protection by Paul Rascagneres
 
When Encryption is Not Enough...Sumanth Naropanth, Chandra Prakash Gopalaiah ...
When Encryption is Not Enough...Sumanth Naropanth, Chandra Prakash Gopalaiah ...When Encryption is Not Enough...Sumanth Naropanth, Chandra Prakash Gopalaiah ...
When Encryption is Not Enough...Sumanth Naropanth, Chandra Prakash Gopalaiah ...
 
The Search for the Perfect Door - Deviant Ollam
The Search for the Perfect Door - Deviant OllamThe Search for the Perfect Door - Deviant Ollam
The Search for the Perfect Door - Deviant Ollam
 
Swift Reversing by Ryan Stortz
Swift Reversing by Ryan StortzSwift Reversing by Ryan Stortz
Swift Reversing by Ryan Stortz
 

Recently uploaded

Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 

Recently uploaded (20)

Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 

WiFi-Based IMSI Catcher