Submit Search
Upload
DEF CON 27 - CAMPBELL / MURRAY - gsm we can hear everyone now
•
0 likes
•
98 views
Felipe Prado
Follow
DEF CON 27 - CAMPBELL / MURRAY - gsm we can hear everyone now
Read less
Read more
Technology
Report
Share
Report
Share
1 of 26
Download now
Download to read offline
Recommended
SlingSecure Mobile Voice Encryption
SlingSecure Mobile Voice Encryption
SlingSecure Mobile Encryption
Voice encryption for gsm using arduino
Voice encryption for gsm using arduino
iruldaworld
Labmeeting - 20150211 - Novel End-to-End Voice Encryption Method in GSM System
Labmeeting - 20150211 - Novel End-to-End Voice Encryption Method in GSM System
Syuan Wang
PrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical Overview
PrivateWave Italia SpA
Network Security Through FIREWALL
Network Security Through FIREWALL
TheCreativedev Blog
Encrypted Voice Communications
Encrypted Voice Communications
sbwahid
BACnet/SC: A Secure Alternative to BACnet/IP
BACnet/SC: A Secure Alternative to BACnet/IP
Cimetrics Inc
IoT Workshop with Sigfox & Arduino - Copenhagen Business School
IoT Workshop with Sigfox & Arduino - Copenhagen Business School
Nicolas Lesconnec
Recommended
SlingSecure Mobile Voice Encryption
SlingSecure Mobile Voice Encryption
SlingSecure Mobile Encryption
Voice encryption for gsm using arduino
Voice encryption for gsm using arduino
iruldaworld
Labmeeting - 20150211 - Novel End-to-End Voice Encryption Method in GSM System
Labmeeting - 20150211 - Novel End-to-End Voice Encryption Method in GSM System
Syuan Wang
PrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical Overview
PrivateWave Italia SpA
Network Security Through FIREWALL
Network Security Through FIREWALL
TheCreativedev Blog
Encrypted Voice Communications
Encrypted Voice Communications
sbwahid
BACnet/SC: A Secure Alternative to BACnet/IP
BACnet/SC: A Secure Alternative to BACnet/IP
Cimetrics Inc
IoT Workshop with Sigfox & Arduino - Copenhagen Business School
IoT Workshop with Sigfox & Arduino - Copenhagen Business School
Nicolas Lesconnec
PriveComms PriveIN mesh digital operation field overview 2020
PriveComms PriveIN mesh digital operation field overview 2020
Arimo Koivisto
Benefits of SIP Trunking
Benefits of SIP Trunking
IntelePeer
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
Omer Coskun
Hacking Telco equipment: The HLR/HSS, by Laurent Ghigonis
Hacking Telco equipment: The HLR/HSS, by Laurent Ghigonis
P1Security
BACnet/IP good field implementation practices
BACnet/IP good field implementation practices
Cimetrics Inc
Sigfox + Arduino MKRFOX Workshop
Sigfox + Arduino MKRFOX Workshop
Nicolas Lesconnec
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Martin Vigo
Forti wifi
Forti wifi
Lan & Wan Solutions
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Fatih Ozavci
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
Suhas Desai
Windows Mobile Enterprise Security Best Practices
Windows Mobile Enterprise Security Best Practices
John Rhoton
Sigfox x Arduino Workshop
Sigfox x Arduino Workshop
Nicolas Lesconnec
Sigfox World Expo - Advanced Workshop
Sigfox World Expo - Advanced Workshop
Nicolas Lesconnec
Matrix Telecom Solutions: SETU VGB - Fixed VoIP to GSM/3G-ISDN BRI Gateway
Matrix Telecom Solutions: SETU VGB - Fixed VoIP to GSM/3G-ISDN BRI Gateway
Matrix Comsec
BLUETOOTH SECURITY
BLUETOOTH SECURITY
Jay Nagar
Wi fi-security-the-details-matter
Wi fi-security-the-details-matter
DESMOND YUEN
Technical Sheet - PrivateGSM VoIP - english
Technical Sheet - PrivateGSM VoIP - english
PrivateWave Italia SpA
Key scan wireless reciever
Key scan wireless reciever
David Burnett
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
NCS Computech Ltd.
Security Issues In Voip
Security Issues In Voip
Waqas Daar
M08 protecting your message data in IBM MQ with encryption
M08 protecting your message data in IBM MQ with encryption
Robert Parker
Webinar Renesas - IoT é Segura? Com Renesas Synergy sim! E o SSP 1.5 tornou a...
Webinar Renesas - IoT é Segura? Com Renesas Synergy sim! E o SSP 1.5 tornou a...
Embarcados
More Related Content
What's hot
PriveComms PriveIN mesh digital operation field overview 2020
PriveComms PriveIN mesh digital operation field overview 2020
Arimo Koivisto
Benefits of SIP Trunking
Benefits of SIP Trunking
IntelePeer
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
Omer Coskun
Hacking Telco equipment: The HLR/HSS, by Laurent Ghigonis
Hacking Telco equipment: The HLR/HSS, by Laurent Ghigonis
P1Security
BACnet/IP good field implementation practices
BACnet/IP good field implementation practices
Cimetrics Inc
Sigfox + Arduino MKRFOX Workshop
Sigfox + Arduino MKRFOX Workshop
Nicolas Lesconnec
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Martin Vigo
Forti wifi
Forti wifi
Lan & Wan Solutions
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Fatih Ozavci
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
Suhas Desai
Windows Mobile Enterprise Security Best Practices
Windows Mobile Enterprise Security Best Practices
John Rhoton
Sigfox x Arduino Workshop
Sigfox x Arduino Workshop
Nicolas Lesconnec
Sigfox World Expo - Advanced Workshop
Sigfox World Expo - Advanced Workshop
Nicolas Lesconnec
Matrix Telecom Solutions: SETU VGB - Fixed VoIP to GSM/3G-ISDN BRI Gateway
Matrix Telecom Solutions: SETU VGB - Fixed VoIP to GSM/3G-ISDN BRI Gateway
Matrix Comsec
BLUETOOTH SECURITY
BLUETOOTH SECURITY
Jay Nagar
Wi fi-security-the-details-matter
Wi fi-security-the-details-matter
DESMOND YUEN
Technical Sheet - PrivateGSM VoIP - english
Technical Sheet - PrivateGSM VoIP - english
PrivateWave Italia SpA
Key scan wireless reciever
Key scan wireless reciever
David Burnett
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
NCS Computech Ltd.
Security Issues In Voip
Security Issues In Voip
Waqas Daar
What's hot
(20)
PriveComms PriveIN mesh digital operation field overview 2020
PriveComms PriveIN mesh digital operation field overview 2020
Benefits of SIP Trunking
Benefits of SIP Trunking
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
Hacking Telco equipment: The HLR/HSS, by Laurent Ghigonis
Hacking Telco equipment: The HLR/HSS, by Laurent Ghigonis
BACnet/IP good field implementation practices
BACnet/IP good field implementation practices
Sigfox + Arduino MKRFOX Workshop
Sigfox + Arduino MKRFOX Workshop
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Forti wifi
Forti wifi
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
Hardware Hacking Chronicles: IoT Hacking for Offence and Defence
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
Windows Mobile Enterprise Security Best Practices
Windows Mobile Enterprise Security Best Practices
Sigfox x Arduino Workshop
Sigfox x Arduino Workshop
Sigfox World Expo - Advanced Workshop
Sigfox World Expo - Advanced Workshop
Matrix Telecom Solutions: SETU VGB - Fixed VoIP to GSM/3G-ISDN BRI Gateway
Matrix Telecom Solutions: SETU VGB - Fixed VoIP to GSM/3G-ISDN BRI Gateway
BLUETOOTH SECURITY
BLUETOOTH SECURITY
Wi fi-security-the-details-matter
Wi fi-security-the-details-matter
Technical Sheet - PrivateGSM VoIP - english
Technical Sheet - PrivateGSM VoIP - english
Key scan wireless reciever
Key scan wireless reciever
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
Security Issues In Voip
Security Issues In Voip
Similar to DEF CON 27 - CAMPBELL / MURRAY - gsm we can hear everyone now
M08 protecting your message data in IBM MQ with encryption
M08 protecting your message data in IBM MQ with encryption
Robert Parker
Webinar Renesas - IoT é Segura? Com Renesas Synergy sim! E o SSP 1.5 tornou a...
Webinar Renesas - IoT é Segura? Com Renesas Synergy sim! E o SSP 1.5 tornou a...
Embarcados
Configuring-Cisco-CME.ppt
Configuring-Cisco-CME.ppt
JuanManuelCeAcatlSal
Ethernet basics
Ethernet basics
erick4chitsime
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud
ADVA
Security model evaluation of 3 g
Security model evaluation of 3 g
Rotract CLUB of BSAU
Embedded SIM New opportunities for security sensitive IoT applications
Embedded SIM New opportunities for security sensitive IoT applications
M2M Alliance e.V.
NXP FRDM-K64F Platform with ARM mbed Demo - Edinburgh 2016 Workshop
NXP FRDM-K64F Platform with ARM mbed Demo - Edinburgh 2016 Workshop
Open Mobile Alliance
Webinar: Comunicação TCP/IP segura
Webinar: Comunicação TCP/IP segura
Embarcados
SigfoxMakersDay Total
SigfoxMakersDay Total
Aurelien Lequertier
Intermediate: Security in Mobile Cellular Networks
Intermediate: Security in Mobile Cellular Networks
3G4G
20171106 - Workshop lille
20171106 - Workshop lille
Anthony Charbonnier
R43019698
R43019698
IJERA Editor
IoT LPWAN network security: Sigfox and LoRaWAN (Mikael Falkvidd @ Knowit secu...
IoT LPWAN network security: Sigfox and LoRaWAN (Mikael Falkvidd @ Knowit secu...
Mikael Falkvidd
177732477-Voice-101.pdf
177732477-Voice-101.pdf
MohamedShabana37
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
CODE BLUE
44Con 2014: GreedyBTS - Hacking Adventures in GSM
44Con 2014: GreedyBTS - Hacking Adventures in GSM
iphonepentest
Iport ntx pro-embedded_video_interface_data_sheet
Iport ntx pro-embedded_video_interface_data_sheet
Workswell s.r.o.
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryption
ADVA
ST tech tour - sigfox presentation & hands-on demp
ST tech tour - sigfox presentation & hands-on demp
François Oudot
Similar to DEF CON 27 - CAMPBELL / MURRAY - gsm we can hear everyone now
(20)
M08 protecting your message data in IBM MQ with encryption
M08 protecting your message data in IBM MQ with encryption
Webinar Renesas - IoT é Segura? Com Renesas Synergy sim! E o SSP 1.5 tornou a...
Webinar Renesas - IoT é Segura? Com Renesas Synergy sim! E o SSP 1.5 tornou a...
Configuring-Cisco-CME.ppt
Configuring-Cisco-CME.ppt
Ethernet basics
Ethernet basics
Introducing ConnectGuard™ Cloud
Introducing ConnectGuard™ Cloud
Security model evaluation of 3 g
Security model evaluation of 3 g
Embedded SIM New opportunities for security sensitive IoT applications
Embedded SIM New opportunities for security sensitive IoT applications
NXP FRDM-K64F Platform with ARM mbed Demo - Edinburgh 2016 Workshop
NXP FRDM-K64F Platform with ARM mbed Demo - Edinburgh 2016 Workshop
Webinar: Comunicação TCP/IP segura
Webinar: Comunicação TCP/IP segura
SigfoxMakersDay Total
SigfoxMakersDay Total
Intermediate: Security in Mobile Cellular Networks
Intermediate: Security in Mobile Cellular Networks
20171106 - Workshop lille
20171106 - Workshop lille
R43019698
R43019698
IoT LPWAN network security: Sigfox and LoRaWAN (Mikael Falkvidd @ Knowit secu...
IoT LPWAN network security: Sigfox and LoRaWAN (Mikael Falkvidd @ Knowit secu...
177732477-Voice-101.pdf
177732477-Voice-101.pdf
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
44Con 2014: GreedyBTS - Hacking Adventures in GSM
44Con 2014: GreedyBTS - Hacking Adventures in GSM
Iport ntx pro-embedded_video_interface_data_sheet
Iport ntx pro-embedded_video_interface_data_sheet
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryption
ST tech tour - sigfox presentation & hands-on demp
ST tech tour - sigfox presentation & hands-on demp
More from Felipe Prado
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
Felipe Prado
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
Felipe Prado
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got ants
Felipe Prado
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryption
Felipe Prado
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101
Felipe Prado
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a government
Felipe Prado
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
Felipe Prado
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
Felipe Prado
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
Felipe Prado
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interface
Felipe Prado
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
Felipe Prado
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
Felipe Prado
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud security
Felipe Prado
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portals
Felipe Prado
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitch
Felipe Prado
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
Felipe Prado
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
Felipe Prado
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
Felipe Prado
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
Felipe Prado
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devices
Felipe Prado
More from Felipe Prado
(20)
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devices
Recently uploaded
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
BookNet Canada
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Mattias Andersson
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
ngoud9212
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Enterprise Knowledge
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
Scott Keck-Warren
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
BookNet Canada
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
Deakin University
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Slibray Presentation
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
BookNet Canada
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
Scott Keck-Warren
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Memoori
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
ThousandEyes
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
Neo4j
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
Florian Wilhelm
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Wonjun Hwang
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Patryk Bandurski
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
Fwdays
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
null - The Open Security Community
Recently uploaded
(20)
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
DEF CON 27 - CAMPBELL / MURRAY - gsm we can hear everyone now
1.
GSM: WE CAN
HEAR EVERYONE NOW! DEFCON 2019 Campbell Murray, Eoin Buckley James Kulikowski, Bartek Piekarski BlackBerry
2.
© 2018 BlackBerry.
All Rights Reserved. 22 Biographical Information Eoin Buckley Senior Cybersecurity Consultant Campbell Murray Global Head of BlackBerry Cybersecurity Delivery Bartek Piekarski Senior Cybersecurity Consultant James Kulikowski Senior Cybersecurity Consultant
3.
© 2018 BlackBerry.
All Rights Reserved. 33 AGENDA Topic: Vulnerability in GSM and generating an indicator to exploit it • Section 1: Intro to GSM • Section 2: Concept Overview • Section 3: Test Lab Setup & Demonstration • Section 4: Cellular Security Discussion
4.
Introduction To GSM
5.
© 2018 BlackBerry.
All Rights Reserved. 55 GSM Introduction • Concept for GSM (digital) started in the late 1980s • Major improvement over AMPS (analogue) • GSM Security has several design issues • Support for key sizes <= 64 bits • Encrypted data contains redundancy • Error control coding before ciphering
6.
© 2018 BlackBerry.
All Rights Reserved. 66 GSM Introduction Timeslot - Contains 114 encrypted data Midamble (26 bits) Encrypted data (57 bits) Encrypted data (57 bits) Guard (8.25 bits)Tail (3 bits) Tail (3 bits)Stealing bit 0 1 2 3 4 5 6 7 Multiframe Superframe Hyperframe 1 Hyperframe ~ 3 hours 29 minutes Frame - Contains 8 timeslots Hyperframe - Contains 2,715,648 frames
7.
© 2018 BlackBerry.
All Rights Reserved. 77 GSM Introduction GSM based on symmetric encryption - Specified ciphers: A5/1, A5/3 & A5/4 - A5/1 up to 64 bit key - A5/3 up to 64 bit key - A5/4 up to 128 bit key - Note: A5/2 disallowed in 2000’s - NIST guidance: 112 bit security strength - “The use of keys that provide less than 112 bits of security strength for key agreement is now disallowed” A5/X Cipher Frame number Kc Cipherstream
8.
Concept Overview
9.
© 2018 BlackBerry.
All Rights Reserved. 99 Concept Overview Message Error Control Codeword Cipherstream Cipher A5/x Ciphertext • Typical GSM Channel Structure with A5/1 • Encryption • Key maximum 64 bits length • Convolutional error control code • Intended to combat noise from wireless channel • Attack uses code to identify cipherstream “noise” Convolutional code
10.
© 2018 BlackBerry.
All Rights Reserved. 1010 Concept Overview Message Error Control Codeword Cipherstream Cipher A5/x Ciphertext • High level view of attack • Capture GSM packet • Compute a cipherstream/key indicator • Use convolutional code parameters • Use indicator with a Rainbow table to identify ciphering key • Use indicator as a fingerprint for ciphering key Convolutional code
11.
© 2018 BlackBerry.
All Rights Reserved. 1111 Concept Overview Message (184 bits)Conv. Codeword (456 bits) Cipherstream (456 bits) Cipher A5/3 Ciphertext (456 bits) • Demonstration uses SACCH control channel • Compromise of SACCH also compromises voice (same key) • Works for any SACCH message • Indicator/fingerprint is independent of the message • Knowledge of plaintext is not needed Convolutional code SACCH FIRE code (224 bits)
12.
© 2018 BlackBerry.
All Rights Reserved. 1212 Concept Overview • Computing the indicator Input m (224 bits) Conv. Code Encrypted Conv. stream c1 (228 bits) Cipher A5/x g1 g2 Encrypted Conv. stream c2 (228 bits) Deconvolve stream c1 & g1 Deconvolve stream c2 & g2 xor streams q1 & q2 Stream q1 (224 bits) Stream q2 (224 bits) Stream q1 xor q2 (224 bits) 1 0 0 1 1 0 0 0 1 …. 1 0 1 0 1 1 0 1 1 …. Conv. Code Parameters • g1: 1 0 0 1 1 • g2: 1 1 0 1 1 Indicator Deconvolution xor
13.
© 2018 BlackBerry.
All Rights Reserved. 1313 Concept Overview • The indicator “q1 xor q2” is • Computed using the full convolutional codeword • Need 4x114 bursts • Independent of SACCH message • Fully determined by 1)The cipher stream and 2) Convolutional code • Full indicator length 224 bits • More than sufficient to identify a 64 bit key
14.
Test Lab Setup
& Demonstration
15.
© 2018 BlackBerry.
All Rights Reserved. 1515 Hardware • Various unlocked cellular devices • 2G compliant Programable SIM cards • PC SmartCard reader/writer • Ettus Research N210 WBX • Mini GPS ref. clock • AirSpy SDR • Various antennas
16.
© 2018 BlackBerry.
All Rights Reserved. 1616 Software • RangeNetworks SDMN 7.0.4 • RangeNetworks OpenBTS 7.0.4 • PySIM • GNU Radio 3.7.0 • GR-GSM • GNU Octave 5.1
17.
© 2018 BlackBerry.
All Rights Reserved. 1717 Lab Configuration • All GSM testing run under RF isolation • Cipher Mode configured for A5/3 • SACCH random neighbor protection enabled • Random padding filler protection enabled
18.
© 2018 BlackBerry.
All Rights Reserved. 1818 GR-GSM Configuration Opening file, parsing, GSM signal processing Output to wireshark Kc/None A5/x • Raw data filtered into files. • Process relevant timeslot file to produce indicator
19.
© 2018 BlackBerry.
All Rights Reserved. 1919 Considerations in Mounting Attack • Small key size: A5/1 & A5/3 • Key length up to 64 bits • NIST guidance: 112 bit security strength for key agreement • Rainbow table computation • Estimates based on 1 rig (4x NVIDIA GTX1080) proof-of-concept using opencl • A5/1, 64 bit key: Obtain 10% coverage using 500 rigs for 200 days • A5/3, 1 epoch, 64 bit key: Obtain 10% key coverage using 500 rigs for 263 days
20.
Cellular Security Discussion
21.
© 2018 BlackBerry.
All Rights Reserved. 2121 Cellular Security • Indicator attack possible in GSM voice: • Small key size (e.g. At most 64 bits for A5/1 & A5/3) • Up to 64 bit key size for A5/1 & A5/3 • NIST guidance: 112 bit security strength for key agreement • Ciphering performed after error control coding • Additional attacks on GSM include: • Karsten Nohl (DEFCON 2010) “Attacking phone privacy” • Barkan et al. 2006 “Instant Ciphertext-only Cryptanalysis of GSM encrypted communication” • False Basestation attacks
22.
© 2018 BlackBerry.
All Rights Reserved. 2222 Cellular Security • Beyond GSM into 3G-to-5G: • Reduced security risk • Minimum encrypting key size of 128 bits • Error control coding applied after encryption not before • Cellular industry actively studying solutions for GSM security • 3GPP TR 33.809 v0.5.0 “Study on 5G Security Enhancements against False Basestations”
23.
Q&A Thank You
24.
Appendix
25.
© 2018 BlackBerry.
All Rights Reserved. 2525 Appendix Consider the addition of the A5/x cipherstream to the codeword ▪ Separate cipherstream into portion xor’d for conv code output 1 & 2 ▪ Let output 1 cipherstream be: s1 ▪ Let output 2 cipherstream be: s2 Denote the resulting ciphertext portions as: ▪ c1 = s1 + p1 = s1 + m*g1 ▪ c2 = s1 + p2 = s2 + m*g2 Message m p1 Conv. Code (1st half of A5/x output) s1 c1 s2 (2nd half of A5/x output) p2 c2
26.
© 2018 BlackBerry.
All Rights Reserved. 2626 Appendix The key to the attack is that the ciphertext portions can also be divided by g1 & g2 respectively for quotient q1 & q2 ▪ C1 = s1 + p1 = s1 + m*g1 = (q1*g1 + r1) + m*g1 ▪ C2 = s2 + p2 = s2 + m*g2 = (q2*g2 + r2) + m*g2 Rearranging c1&c2 we can now write ▪ C1 = (q1*g1 + r1) + m*g1 = (q1 + m)*g1 + r1 ▪ C2 = (q2*g2 + r2) + m*g2 = (q2 + m)*g2 + r2 By deconvolving the ciphertext c1&c2 by g1&g2 respectively we can product the quotients ▪ (q1+m) ▪ (q2+m) Adding these quotients generates (q1+q2) which is independent of the “m” : ▪ (q1+m) + (q2+m) = (q1+q2)
Download now