SlideShare a Scribd company logo

How to Intercept a Conversation Held on the Other Side of the Planet

Positive Hack Days
Positive Hack Days
TechnologyBusiness
1 of 140
Download to read offline
How to Intercept a Conversation Held on the Other Side of the Planet
Who we are Sergey Puzankov Dmitry Kurbatov Information Security Specialists Positive Technologies
Denial of Service on Mobile Switching Center Fraud in SS7 network Short Message Interception USSD Money Transfer Subscriber’s Location Voice Call Interception Hot for Mobile network operators Hot for everyone Topics
All of us are subscribers Service Availability Quality of Service Security
Mobile Services Dynamics Voice Mobile Data Traffic
Yesterday: Closed Ecosystems
Today: Unified Technologies
Today: Common Interfaces
Today: IP Connectivity
Today: Widen Borders Get your own femtocell • Hack it • Upload modified firmware • Make a call/SMS interception • Get into IPsec • Get into Core network
Tomorrow: virtualization
SIGTRAN Time Machine Through SIGTRAN back to 1970’s
SS7 SS7 Network HLR A B MSC VLR Gateway MSC Billing SMS-C
SS7 HLRMSC VLR Gateway MSC Billing SMS-C Radio Part A B Cell Phone Base Transceiver Station Base Station Controller
SS7 MSC/VLR HLR A B Gateway MSC Billing SMS-C MSC VLR Mobile Switching Center Visitor Location Register
SS7 Gateway MSC HLR A B MSC VLR Billing SMS-C Gateway MSC Gateway Mobile Switching Center
SS7 SMS-C HLR A B MSC VLR Gateway MSC Billing SMS-C Short Message Service Center
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C Homeу Location Register HLR
SS7 Billing A B MSC VLR Gateway MSC SMS-C HLR Billing
SS7 IDs HLR A B MSC VLR Gateway MSC Billing SMS-C GT – Global Title 0 123 4567890
SS7 IDs HLR A B MSC VLR Gateway MSC Billing SMS-C GT – Global Title 0 123 4567890 MSISDN – A or B mobile numbers 0 123 4567890
SS7 IDs HLR A B MSC VLR Gateway MSC Billing SMS-C GT – Global Title 0 123 4567890 MSISDN – A or B mobile numbers 0 123 4567890 MSRN – Mobile Subscriber Roaming Number 0 123 4567890
SS7 IDs HLR A B MSC VLR Gateway MSC Billing SMS-C GT – Global Title 0 123 4567890 MSISDN – A or B mobile numbers 0 123 4567890 MSRN – Mobile Subscriber Roaming Number 0 123 4567890 IMSI – International Mobile Subscriber Identity 15 digits
SS7 How to get in? HLR A B MSC VLR Gateway MSC Billing SMS-C
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS Core PS Core IMS Core Networks
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto Access Networks
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX Exchange Points
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX OAM Remote support Support
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX OAM Remote support IT IT network
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX OAM Remote support Internet Internet IT network
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX OAM Remote support Internet IT networkTraffic
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX OAM Remote support Internet IT networkThreats Attacker Attacker Attacker Attacker AttackerAttacker
SS7 HLR A B MSC VLR Gateway MSC Billing SMS-C CS CoreUTRAN PS Core IMS LTE Wi-Fi WiMAX PON DSL Femto GRX/IPX OAM Remote support Internet IT networkThreat Attacker Attacker Attacker Attacker AttackerAttacker
Mobile Switching Center DoS Just like DHCP Starvation
SS7 Collect info HLR Attacker B Gateway MSC We know B-Number 0 123 4567802 MSC VLR
SS7 Collect info HLR Attacker as SMSC B MSC VLR Gateway MSC 1 We know B-Number 0 123 4567802 SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802?
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 2 SRI4SM We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Attacker as SMSC
SS7 Make it starve HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits 3PRNprovideRoamingNumber I am HLR. My GT 1 321 4567801. Provide MSRN for Subscriber-B IMSI 15 digits.
SS7 Make it starve HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits MSRN 0 123 4560001 3PRN 4 provideRoamingNumber MSRN 0 123 4560001
SS7 Make it starve HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits MSRN 0 123 4560001 3PRN 4 Default timeouts for MSRN: • Ericsson – 30 sec • Huawei – 45 sec provideRoamingNumber MSRN 0 123 4560001
SS7 Make it starve HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits MSRN 0 123 4560001 … MSRN 0 123 4569999 3PRN 4 provideRoamingNumber I am HLR. My GT 1 321 4567801. Provide MSRN for Subscriber-B IMSI 15 digits. provideRoamingNumber I am HLR. My GT 1 321 4567801. Provide MSRN for Subscriber-B IMSI 15 digits. provideRoamingNumber I am HLR. My GT 1 321 4567801. Provide MSRN for Subscriber-B IMSI 15 digits.… provideRoamingNumber MSRN 0 123 4560001provideRoamingNumber MSRN 0 123 4560001 provideRoamingNumber MSRN 0 123 4569999…
SS7 Make it starve HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits MSRN 0 123 4560001 … MSRN 0 123 4569999 3PRN 4 provideRoamingNumber I am HLR. My GT 1 321 4567801. Provide MSRN for Subscriber-B IMSI 15 digits.
SS7 HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits MSRN 0 123 4560001 … MSRN 0 123 4569999 3PRN 4 noRoamingNumberAvailable Make it starve
SS7 HLR Attacker as HLR B MSC VLR Gateway MSC We know MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits MSRN 0 123 4560001 … MSRN 0 123 4569999 3PRN 4 noRoamingNumberAvailable Make it starve
SS7 DoS HLR Attacker as HLR B Gateway MSC Real HLR 10k – 500k MSC VLR
SS7 DoS HLR Attacker as HLR Gateway MSC PRN Real HLR B 10k – 500k MSC VLR 3 provideRoamingNumber I am HLR. My GT 1 321 4568701. Provide MSRN for Subscriber-ANY IMSI 15 digits.
SS7 DoS HLR Attacker as HLR Gateway MSC PRN Real HLR B 10k – 500k MSC VLR 3 4 noRoamingNumberAvailable
SS7 DoS HLR Attacker as HLR Gateway MSC PRN Real HLR B 10k – 500k MSC VLR 3 4 No incoming calls Sad calling party
Fraud in SS7
SS7 SS7 interconnection HLRMSC VLR Gateway MSC Billing SMS-C HLRMSC VLR Gateway MSC Billing SMS-C HLRMSC VLR Gateway MSC Billing SMS-C Trusted environment
Leadership team HLRMSC VLR Gateway MSC Billing SMS-C CEO CSO CMO CCO CLO
Leadership team HLRMSC VLR Gateway MSC Billing SMS-C CEO CSO CMO CCO CLO Really?! Trust them?
Uncharged calls 1) Spoof MSC 2) Initiate «home network» call 3) Forward call anywhere
SS7 Collect info HLR Attacker B MSC VLR Gateway MSC We know B-Number 0 123 4567802 A
SS7 Collect info HLR Attacker as SMSC B MSC VLR Gateway MSC 1 We know B-Number 0 123 4567802 SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802? A
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC A
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits A
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits A
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 2 SRI4SM We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Attacker as SMSC A
SS7 Spoof MSC HLR Attacker as MSC B MSC VLR Gateway MSCA 3 updateLocation I am MSC/VLR. My GT 1 321 4567801. I serve Subscriber-B IMSI 15 digits. We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits
SS7 Spoof MSC HLR Attacker as MSC B MSC VLR Gateway MSCA 3 updateLocation I am MSC/VLR. My GT 1 321 4567801. I serve Subscriber-B IMSI 15 digits. We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits
SS7 Spoof MSC HLR Attacker as MSC B MSC VLR Gateway MSCA 3 We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits HLR stores Subscriber-B IMSI 15 digits MSC/VLR 1 321 4567801 4
SS7 Spoof MSC HLR Attacker as MSC B MSC VLR Gateway MSCA 3 We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits HLR stores Subscriber-B IMSI 15 digits MSC/VLR 1 321 4567801 4 We serve Subscriber-B
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 GatewayMSC knows nothing
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 5 6 sendRoutingInfo Where is Subscriber-B MSISDN 0 123 4567802 = Where is Subscriber-B located?
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 6 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 7 provideSubscriberInfo I am HLR. My GT 0 123 4567800. Provide location for the Subscriber-B.
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 6 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 7 8 provideSubscriberInfo Subscriber-B is in the Home network.
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 6 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 GatewayMSC knows that Subscriber-B is at home. This information will be sent to a billing platform. 7 8 8
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 5 9 sendRoutingInfo Where is Subscriber-B MSISDN 0 123 4567802 located = What is MSRN for Subscriber-B?
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 9 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 provideRoamingNumber I am HLR. My GT 0 123 4567800. Provide MSRN for Subscriber-B IMSI 15 digits. 10
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 9 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 provideRoamingNumber MSRN 53 12345678 10 11
SS7 Forward a call HLR Attacker as MSC B MSC VLR Gateway MSCA 5 9 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 GatewayMSC knows Subscriber-B MSRN 53 12345678 10 11 11
SS7 Forward a call to… Cuba HLR Attacker as MSC B MSC VLR Gateway MSCA 5 9 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 GatewayMSC knows Subscriber-B MSRN 53 12345678 10 11 11 12
SS7 Forward a call to… HLR Attacker as MSC B MSC VLR Gateway MSCA 5 9 provideRoamingNumber MSRN 53 12345678 HLR stores Subscriber-B MSISDN 0 123 4567802 IMSI 15 digits MSC/VLR 1 321 4567801 GatewayMSC knows Subscriber-B MSRN 53 12345678 10 11
Who pays? ACall from to while at “home” = $ 0.05B ACall from to = $ 1.00Cuba
Who pays? ACall from to while at “home” = $ 0.05B ACall from to = $ 1.00Cuba $ 1.00 - $ 0.05 = $ 0.95 – Attacker profit
Call from to = $ 0.30 Who pays? ACall from to while at “home” = $ 0.05B ACall from to = $ 1.00Cuba $ 1.00 - $ 0.05 = $ 0.95 – Attacker profit How much Mobile operator loses? MNO Cuba
SMS Interception 1) Collect info 2) Spoof MSC 3) Receive incoming SMSs
SS7 Collect info HLR Attacker B MSC VLR Gateway MSC We know B-Number 0 123 4567802 A SMS-C
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC A SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802? SMS-C
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 2 SRI4SM We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Attacker as SMSC A SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802? sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits SMS-C
SS7 Spoof MSC HLR Attacker as MSC B MSC VLR Gateway MSCA 3 updateLocation I am MSC/VLR. My GT 1 321 4567801. I serve Subscriber-B IMSI 15 digits. We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits SMS-C
SS7 Spoof MSC HLR Attacker as MSC B MSC VLR Gateway MSCA 3 We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits HLR stores Subscriber-B IMSI 15 digits MSC/VLR 1 321 4567801 4 We serve Subscriber-B SMS-C
SS7 SMS interception HLR B MSC VLR Gateway MSC 5 Attacker as MSC A SMS-C 5 “Hi, meet at 8pm at Baker Street”
SS7 SMS interception HLR B MSC VLR Gateway MSC 5 6 Attacker as MSC A sendRoutingInfoForSM I am SMSC. My GT 0 123 4567804. Where is Subscriber-B MSISDN 0 123 4567802? SMS-C 5 “Hi, meet at 8pm at Baker Street”
SS7 SMS interception HLR B MSC VLR Gateway MSC 7 5 6 Attacker as MSC A sendRoutingInfoForSM I am SMSC. My GT 0 123 4567804. Where is Subscriber-B MSISDN 0 123 4567802? sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 1 321 4567801 Subscriber-B IMSI 15 digits SMS-C 5 “Hi, meet at 8pm at Baker Street” HLR sends Attacker address instead of real MSC!
SS7 SMS interception HLR B MSC VLR Gateway MSC 7 5 6 8 Attacker as MSC A sendRoutingInfoForSM I am SMSC. My GT 0 123 4567804. Where is Subscriber-B MSISDN 0 123 4567802? sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 1 321 4567801 Subscriber-B IMSI 15 digits SMS-C 5 “Hi, meet at 8pm at Baker Street” SMS-C routes this SMS to the received address.
SS7 SMS interception HLR B MSC VLR Gateway MSC 7 5 6 8 Attacker as MSC A sendRoutingInfoForSM I am SMSC. My GT 0 123 4567804. Where is Subscriber-B MSISDN 0 123 4567802? sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 1 321 4567801 Subscriber-B IMSI 15 digits SMS-C 5 “Hi, meet at 8pm at Baker Street” SMS-C routes this SMS to the received address.
SMS interception 1. SMS chats 2. One time passwords 3. Confirmation codes 4. Password recovery
Money Transfer Using USSD 1) Collect info 2) Request account status 3) Transfer money
SS7 Collect info HLR Attacker B MSC VLR Gateway MSC We know B-Number 0 123 4567802 A
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC A SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802?
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 2 SRI4SM We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Attacker as SMSC A SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802? sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits
SS7 Send USSD 1 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits *100#3 processUnstructuredSS-Request I am MSC/VLR. Request how much money has subscriber with IMSI 15 digits?
SS7 Send USSD 1 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA processUnstructuredSS-Request I am MSC/VLR. Request how much money has subscriber with IMSI 15 digits? We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits Account info. 3 4 processUnstructuredSS-Request Subscriber’s account is $$$$$.
SS7 Send USSD 1 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits Account info. 4 processUnstructuredSS-Request Subscriber’s account is $$$$$. processUnstructuredSS-Request I am MSC/VLR. Request how much money has subscriber with IMSI 15 digits? 3
SS7 Send USSD 2 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits Account info. *123*01238765400*100# processUnstructuredSS-Request I am MSC/VLR. Transfer money from IMSI 15 digits to my mobile account. 5
SS7 Send USSD 2 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits Account info. 6 processUnstructuredSS-Request OK. processUnstructuredSS-Request I am MSC/VLR. Transfer money from IMSI 15 digits to my mobile account. 5
SS7 Send USSD 2 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits Real account info. Subscriber B does not get SMS notification if Attacker combines this attack with the previuos one. 6 processUnstructuredSS-Request OK. processUnstructuredSS-Request I am MSC/VLR. Transfer money from IMSI 15 digits to my mobile account. 5
SS7 Send USSD 2 HLR Attacker as MSC/VLR B MSC VLR Gateway MSCA We know HLR 0 123 4567800 Subscriber-B IMSI 15 digits Real account info. Subscriber B does not get SMS notification if Attacker combines this attack with the previuos one. 6 processUnstructuredSS-Request OK. processUnstructuredSS-Request I am MSC/VLR. Transfer money from IMSI 15 digits to my mobile account. 5
Subscriber Location Discovery 1) Collect info 2) Receive Cell ID 3) Get point on the map
SS7 Collect info HLR Attacker B MSC VLR Gateway MSC We know B-Number 0 123 4567802 A
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 SRI4SM We know B-Number 0 123 4567802 Attacker as SMSC A SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802?
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 2 SRI4SM We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Attacker as SMSC A SRI4SMsendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-B MSISDN 0 123 4567802? sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits
SS7 Get Cell ID HLR Attacker as HLR B MSC VLR Gateway MSC We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits 3PSIprovideSubscriberInfo I am HLR. My GT 1 321 4567801. Provide location for the Subscriber-B.
SS7 Get Cell ID HLR Attacker as HLR B MSC VLR Gateway MSC We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Cell ID 3PRN 4 provideSubscriberInfo Cell ID. provideSubscriberInfo I am HLR. My GT 1 321 4567801. Provide location for the Subscriber-B.
SS7 Get Cell ID HLR Attacker as HLR B MSC VLR Gateway MSC We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Cell ID 3PRN 4 provideSubscriberInfo Cell ID. provideSubscriberInfo I am HLR. My GT 1 321 4567801. Provide location for the Subscriber-B. MCC: 250 MNC: 90 LAC: 4A67 CID: 673D
SS7 Get location HLR Attacker as HLR B MSC VLR Gateway MSC We know B-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-B IMSI 15 digits Cell ID 5 MCC: 250 MNC: 90 LAC: 4A67 CID: 673D Search in Internet physical location by MCC, MNC, LAC, CID
Get location
Get location
Voice Call Interception 1) Collect info 2) Change subscriber profile 3) Add third party into mobile call
SS7 Collect info HLR Attacker B MSC VLR Gateway MSC We know A-Number 0 123 4567802 A Billing
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 SRI4SM We know A-Number 0 123 4567802 Attacker as SMSC A SRI4SM sendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-A MSISDN 0 123 4567802? Billing
SS7 Collect info HLR B MSC VLR Gateway MSC 1 1 2 2 SRI4SM We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Attacker as SMSC A SRI4SM sendRoutingInfoForSM I am HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Billing sendRoutingInfoForSM I am SMSC. My GT 1 321 4567801. Where is Subscriber-A MSISDN 0 123 4567802?
SS7 Collect info HLR Attacker as MSC B MSC VLR Gateway MSCA 3 updateLocation I am MSC/VLR. My GT 1 321 4567801. I serve Subscriber-A IMSI 15 digits. We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Billing
SS7 Collect info HLR Attacker as MSC B MSC VLR Gateway MSCA 3 We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Billing 4 insertSubscriberData Subscriber’s profile: • Allowed/prohibited services • Forwarding settings • Billing platform address updateLocation I am MSC/VLR. My GT 1 321 4567801. I serve Subscriber-A IMSI 15 digits.
SS7 Collect info HLR Attacker as MSC B MSC VLR Gateway MSCA 3 We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 4 updateLocation I am MSC/VLR. My GT 1 321 4567801. I serve Subscriber-A IMSI 15 digits. insertSubscriberData Subscriber’s profile: • Allowed/prohibited services • Forwarding settings • Address of billing platform
SS7 Collect info HLR Attacker as MSC B MSC VLR Gateway MSCA 5 We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing updateLocation I am MSC/VLR. My GT 1 321 4567801. Subscriber-A IMSI 15 digits is served by 0 123 4567803 5
updateLocation I am MSC/VLR. My GT 1 321 4567801. Subscriber-A IMSI 15 digits is served by 0 123 4567803 SS7 Collect info HLR Attacker as MSC B MSC VLR Gateway MSCA 5 We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 5
SS7 Change profile HLR Attacker as HLR B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 6 insertSubscriberData I am HLR. Change profile for Subscriber-A. Billing GT 1 321 4567801.
SS7 Change profile HLR Attacker as HLR B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 6 7 insertSubscriberData OK. insertSubscriberData I am HLR. Change profile for Subscriber-A. Billing GT 1 321 4567801.
SS7 Change profile HLR Attacker as HLR B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 6 7 insertSubscriberData OK. insertSubscriberData I am HLR. Change profile for Subscriber-A. Billing GT 1 321 4567801.
SS7 Change profile HLR Attacker B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 6 7 insertSubscriberData OK. insertSubscriberData I am HLR. Change profile for Subscriber-A. Billing GT 1 321 4567801.
SS7 Call interception HLR Attacker as Billing B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing Subscriber A calls to Subscriber B. 8
SS7 Call interception HLR Attacker as Billing B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing 9 9 HLR interrogation procedure: • sendRoutingInfo • provideSubscriberInfo Subscriber A calls to Subscriber B. 8
SS7 Call interception HLR Attacker as Billing B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 Billing InitialDP Start billing . Subscriber-A 0 123 4567802 calls to Subscriber-B 0 123 4567805 10 Subscriber A calls to Subscriber B. 8
SS7 Call interception HLR Attacker as Billing B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 B-Number 0 123 4567805 Billing InitialDP Start billing . Subscriber-A 0 123 4567802 calls to Subscriber-B 0 123 4567805 10 Subscriber A calls to Subscriber B. 8
SS7 Call interception HLR Attacker as Billing B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 B-Number 0 123 4567805 Billing Proceed billing. ApplyCharging RequestReportBCSMEvent Connect Reroute call to number 1 321 4567802 InitialDP Start billing . Subscriber-A 0 123 4567802 calls to Subscriber-B 0 123 4567805 10 11 Subscriber A calls to Subscriber B. 8
SS7 Call interception HLR Attacker as MSC B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 B-Number 0 123 4567805 Billing IAM Continue call. Subscriber-A 0 123 4567802 calls to Subscriber-C 1 321 4567802 12 Subscriber A calls to Subscriber B. 8
SS7 Call interception HLR Attacker as MSC B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 B-Number 0 123 4567805 Billing 12 Subscriber A calls to Subscriber B. 8 13 IAM Continue call. Subscriber-A 0 123 4567802 calls to Subscriber-C 1 321 4567802
SS7 Call interception HLR Attacker as MSC B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 B-Number 0 123 4567805 Billing IAM Initiate a new call Subscriber-A 0 123 4567802 calls to Subscriber-B 0 123 4567805 12 14 Subscriber A calls to Subscriber B. 8 13 IAM Continue call. Subscriber-A 0 123 4567802 calls to Subscriber-C 1 321 4567802
SS7 Call interception HLR Attacker as MSC B MSC VLR Gateway MSCA We know A-Number 0 123 4567802 HLR 0 123 4567800 MSC/VLR 0 123 4567803 Subscriber-A IMSI 15 digits Subscriber-A profile Billing 0 123 4567808 B-Number 0 123 4567805 Billing IAM Initiate a new call Subscriber-A 0 123 4567802 calls to Subscriber-B 0 123 4567805 12 14 8 13 15 Subscriber A calls to Subscriber B. IAM Continue call. Subscriber-A 0 123 4567802 calls to Subscriber-C 1 321 4567802
Conclusion SS7 rules Just the tip of the iceberg
The End. Sergey Puzankov Dmitry Kurbatov spuzankov@ptsecurity.com dkurbatov@ptsecurity.com Questions?
How to Intercept a Conversation Held on the Other Side of the Planet

Recommended

Worldwide attacks on SS7 network
Worldwide attacks on SS7 networkWorldwide attacks on SS7 network
Worldwide attacks on SS7 networkAlexandre De Oliveira
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkP1Security
 
Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...DefCamp
 
SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.3G4G
 
Attacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsAttacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsPositiveTechnologies
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisP1Security
 
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondSS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondPositiveTechnologies
 
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...Alejandro Corletti Estrada
 

Recommended

Worldwide attacks on SS7 network
Worldwide attacks on SS7 networkWorldwide attacks on SS7 network
Worldwide attacks on SS7 networkAlexandre De Oliveira
 
Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkP1Security
 
Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...Mobile signaling threats and vulnerabilities - real cases and statistics from...
Mobile signaling threats and vulnerabilities - real cases and statistics from...DefCamp
 
SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.SS7: Locate. Track. Manipulate.
SS7: Locate. Track. Manipulate.3G4G
 
Attacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsAttacks you can't combat: vulnerabilities of most robust MNOs
Attacks you can't combat: vulnerabilities of most robust MNOsPositiveTechnologies
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisP1Security
 
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondSS7: the bad neighbor you're stuck with during the 5G migration and far beyond
SS7: the bad neighbor you're stuck with during the 5G migration and far beyondPositiveTechnologies
 
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...
Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or...Alejandro Corletti Estrada
 
Attacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeAttacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeP1Security
 
Philippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityPhilippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityP1Security
 
SS7 Vulnerabilities
SS7 VulnerabilitiesSS7 Vulnerabilities
SS7 VulnerabilitiesPositiveTechnologies
 
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...EC-Council
 
IMS + VoLTE Overview
IMS + VoLTE OverviewIMS + VoLTE Overview
IMS + VoLTE OverviewHamidreza Bolhasani
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX networkAlexandre De Oliveira
 
Philippe Langlois - Hacking HLR HSS and MME core network elements
Philippe Langlois - Hacking HLR HSS and MME core network elementsPhilippe Langlois - Hacking HLR HSS and MME core network elements
Philippe Langlois - Hacking HLR HSS and MME core network elementsP1Security
 
Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)Hamidreza Bolhasani
 
VoLTE Flows and CS network
VoLTE Flows and CS networkVoLTE Flows and CS network
VoLTE Flows and CS networkKarel Berkovec
 
Ss7 Introduction Li In
Ss7 Introduction Li InSs7 Introduction Li In
Ss7 Introduction Li Inmhaviv
 
SS7: 2G/3G's weakest link
SS7: 2G/3G's weakest linkSS7: 2G/3G's weakest link
SS7: 2G/3G's weakest linkPositiveTechnologies
 
SS7
SS7SS7
SS7denys.pozniak
 
VoLTE Interfaces , Protocols & IMS Stack Explained
VoLTE Interfaces , Protocols & IMS Stack ExplainedVoLTE Interfaces , Protocols & IMS Stack Explained
VoLTE Interfaces , Protocols & IMS Stack ExplainedVikas Shokeen
 
Creating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case studyCreating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case studyPositiveTechnologies
 
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...Vikas Shokeen
 
VoLTE flows - basics
VoLTE flows - basicsVoLTE flows - basics
VoLTE flows - basicsKarel Berkovec
 
VoLTE Interfaces , Protocols & IMS Stack
VoLTE Interfaces , Protocols & IMS StackVoLTE Interfaces , Protocols & IMS Stack
VoLTE Interfaces , Protocols & IMS StackVikas Shokeen
 
Call Forwarding
Call ForwardingCall Forwarding
Call ForwardingAkash Agrawal
 
TS31103 ISIM introduction
TS31103 ISIM introductionTS31103 ISIM introduction
TS31103 ISIM introductionKimmy Yang
 
CS-Core Mobile Network (General)
CS-Core Mobile Network (General)CS-Core Mobile Network (General)
CS-Core Mobile Network (General)Hamidreza Bolhasani
 
Quick Summary of LTE Voice Summit 2015 #LTEVoice
Quick Summary of LTE Voice Summit 2015 #LTEVoiceQuick Summary of LTE Voice Summit 2015 #LTEVoice
Quick Summary of LTE Voice Summit 2015 #LTEVoice3G4G
 
Introduction to Telco-OTT Services
Introduction to Telco-OTT ServicesIntroduction to Telco-OTT Services
Introduction to Telco-OTT ServicesMartin Geddes
 

More Related Content

What's hot

Attacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeAttacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeP1Security
 
Philippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityPhilippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityP1Security
 
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...EC-Council
 
Philippe Langlois - Hacking HLR HSS and MME core network elements
Philippe Langlois - Hacking HLR HSS and MME core network elementsPhilippe Langlois - Hacking HLR HSS and MME core network elements
Philippe Langlois - Hacking HLR HSS and MME core network elementsP1Security
 
Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)Hamidreza Bolhasani
 
VoLTE Flows and CS network
VoLTE Flows and CS networkVoLTE Flows and CS network
VoLTE Flows and CS networkKarel Berkovec
 
Ss7 Introduction Li In
Ss7 Introduction Li InSs7 Introduction Li In
Ss7 Introduction Li Inmhaviv
 
VoLTE Interfaces , Protocols & IMS Stack Explained
VoLTE Interfaces , Protocols & IMS Stack ExplainedVoLTE Interfaces , Protocols & IMS Stack Explained
VoLTE Interfaces , Protocols & IMS Stack ExplainedVikas Shokeen
 
Creating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case studyCreating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case studyPositiveTechnologies
 
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...Vikas Shokeen
 
VoLTE Interfaces , Protocols & IMS Stack
VoLTE Interfaces , Protocols & IMS StackVoLTE Interfaces , Protocols & IMS Stack
VoLTE Interfaces , Protocols & IMS StackVikas Shokeen
 
TS31103 ISIM introduction
TS31103 ISIM introductionTS31103 ISIM introduction
TS31103 ISIM introductionKimmy Yang
 
CS-Core Mobile Network (General)
CS-Core Mobile Network (General)CS-Core Mobile Network (General)
CS-Core Mobile Network (General)Hamidreza Bolhasani
 

What's hot (20)

Attacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchangeAttacking GRX - GPRS Roaming eXchange
Attacking GRX - GPRS Roaming eXchange
 
Philippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1securityPhilippe Langlois - LTE Pwnage - P1security
Philippe Langlois - LTE Pwnage - P1security
 
SS7 Vulnerabilities
SS7 VulnerabilitiesSS7 Vulnerabilities
SS7 Vulnerabilities
 
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
 
IMS + VoLTE Overview
IMS + VoLTE OverviewIMS + VoLTE Overview
IMS + VoLTE Overview
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX network
 
Philippe Langlois - Hacking HLR HSS and MME core network elements
Philippe Langlois - Hacking HLR HSS and MME core network elementsPhilippe Langlois - Hacking HLR HSS and MME core network elements
Philippe Langlois - Hacking HLR HSS and MME core network elements
 
Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)Mobile Networks Architecture and Security (2G to 5G)
Mobile Networks Architecture and Security (2G to 5G)
 
VoLTE Flows and CS network
VoLTE Flows and CS networkVoLTE Flows and CS network
VoLTE Flows and CS network
 
Ss7 Introduction Li In
Ss7 Introduction Li InSs7 Introduction Li In
Ss7 Introduction Li In
 
SS7: 2G/3G's weakest link
SS7: 2G/3G's weakest linkSS7: 2G/3G's weakest link
SS7: 2G/3G's weakest link
 
SS7
SS7SS7
SS7
 
VoLTE Interfaces , Protocols & IMS Stack Explained
VoLTE Interfaces , Protocols & IMS Stack ExplainedVoLTE Interfaces , Protocols & IMS Stack Explained
VoLTE Interfaces , Protocols & IMS Stack Explained
 
Creating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case studyCreating a fuzzer for telecom protocol 4G LTE case study
Creating a fuzzer for telecom protocol 4G LTE case study
 
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
End to End volte ims sip call flow Guide - Mobile originating and Mobile term...
 
VoLTE flows - basics
VoLTE flows - basicsVoLTE flows - basics
VoLTE flows - basics
 
VoLTE Interfaces , Protocols & IMS Stack
VoLTE Interfaces , Protocols & IMS StackVoLTE Interfaces , Protocols & IMS Stack
VoLTE Interfaces , Protocols & IMS Stack
 
Call Forwarding
Call ForwardingCall Forwarding
Call Forwarding
 
TS31103 ISIM introduction
TS31103 ISIM introductionTS31103 ISIM introduction
TS31103 ISIM introduction
 
CS-Core Mobile Network (General)
CS-Core Mobile Network (General)CS-Core Mobile Network (General)
CS-Core Mobile Network (General)
 

Viewers also liked

Quick Summary of LTE Voice Summit 2015 #LTEVoice
Quick Summary of LTE Voice Summit 2015 #LTEVoiceQuick Summary of LTE Voice Summit 2015 #LTEVoice
Quick Summary of LTE Voice Summit 2015 #LTEVoice3G4G
 
Introduction to Telco-OTT Services
Introduction to Telco-OTT ServicesIntroduction to Telco-OTT Services
Introduction to Telco-OTT ServicesMartin Geddes
 
Lte security overview
Lte security overviewLte security overview
Lte security overviewaliirfan04
 
Critical networking using mesh Wi-SUN technology
Critical networking using mesh Wi-SUN technologyCritical networking using mesh Wi-SUN technology
Critical networking using mesh Wi-SUN technology3G4G
 
Narrowband Internet of Things - R&S Whitepaper
Narrowband Internet of Things - R&S WhitepaperNarrowband Internet of Things - R&S Whitepaper
Narrowband Internet of Things - R&S Whitepaper3G4G
 
VoWLAN: Call Quality
VoWLAN: Call QualityVoWLAN: Call Quality
VoWLAN: Call Quality3G4G
 
Andy sutton - Multi-RAT mobile backhaul for Het-Nets
Andy sutton - Multi-RAT mobile backhaul for Het-NetsAndy sutton - Multi-RAT mobile backhaul for Het-Nets
Andy sutton - Multi-RAT mobile backhaul for Het-Netshmatthews1
 
Mobile Network Sharing
Mobile Network SharingMobile Network Sharing
Mobile Network Sharing3G4G
 
Radio Frequency, Band and Spectrum
Radio Frequency, Band and SpectrumRadio Frequency, Band and Spectrum
Radio Frequency, Band and Spectrum3G4G
 
2G/3G Switch off Dates
2G/3G Switch off Dates2G/3G Switch off Dates
2G/3G Switch off Dates3G4G
 

Viewers also liked (11)

Quick Summary of LTE Voice Summit 2015 #LTEVoice
Quick Summary of LTE Voice Summit 2015 #LTEVoiceQuick Summary of LTE Voice Summit 2015 #LTEVoice
Quick Summary of LTE Voice Summit 2015 #LTEVoice
 
Introduction to Telco-OTT Services
Introduction to Telco-OTT ServicesIntroduction to Telco-OTT Services
Introduction to Telco-OTT Services
 
Gsm basics
Gsm basicsGsm basics
Gsm basics
 
Lte security overview
Lte security overviewLte security overview
Lte security overview
 
Critical networking using mesh Wi-SUN technology
Critical networking using mesh Wi-SUN technologyCritical networking using mesh Wi-SUN technology
Critical networking using mesh Wi-SUN technology
 
Narrowband Internet of Things - R&S Whitepaper
Narrowband Internet of Things - R&S WhitepaperNarrowband Internet of Things - R&S Whitepaper
Narrowband Internet of Things - R&S Whitepaper
 
VoWLAN: Call Quality
VoWLAN: Call QualityVoWLAN: Call Quality
VoWLAN: Call Quality
 
Andy sutton - Multi-RAT mobile backhaul for Het-Nets
Andy sutton - Multi-RAT mobile backhaul for Het-NetsAndy sutton - Multi-RAT mobile backhaul for Het-Nets
Andy sutton - Multi-RAT mobile backhaul for Het-Nets
 
Mobile Network Sharing
Mobile Network SharingMobile Network Sharing
Mobile Network Sharing
 
Radio Frequency, Band and Spectrum
Radio Frequency, Band and SpectrumRadio Frequency, Band and Spectrum
Radio Frequency, Band and Spectrum
 
2G/3G Switch off Dates
2G/3G Switch off Dates2G/3G Switch off Dates
2G/3G Switch off Dates
 

Similar to How to Intercept a Conversation Held on the Other Side of the Planet

Call flow oma000003 gsm communication flow
Call flow oma000003 gsm communication flowCall flow oma000003 gsm communication flow
Call flow oma000003 gsm communication flowEricsson Saudi
 
fdocuments.net_gsm-call-flows-5584455b2833e.ppt
fdocuments.net_gsm-call-flows-5584455b2833e.pptfdocuments.net_gsm-call-flows-5584455b2833e.ppt
fdocuments.net_gsm-call-flows-5584455b2833e.pptHazemElabed2
 
Kumar gunjan 20160213 mobile communication security
Kumar gunjan 20160213 mobile communication securityKumar gunjan 20160213 mobile communication security
Kumar gunjan 20160213 mobile communication securitynullowaspmumbai
 
Gsm training
Gsm trainingGsm training
Gsm traininggernaz55
 
395273802-GSM-Signaling.pdf
395273802-GSM-Signaling.pdf395273802-GSM-Signaling.pdf
395273802-GSM-Signaling.pdfGeoffreyAlleyne
 
Introducing to LAC-CI
Introducing to LAC-CIIntroducing to LAC-CI
Introducing to LAC-CIRiswan
 
Gsm architecture and call flow
Gsm architecture and call flowGsm architecture and call flow
Gsm architecture and call flowMohd Nazir Shakeel
 
Gsm overview
Gsm overviewGsm overview
Gsm overviewChon Tum
 
02 gsm hscsd_gprs
02 gsm hscsd_gprs02 gsm hscsd_gprs
02 gsm hscsd_gprsChyon Ju
 
Basic gsm principles
Basic gsm principlesBasic gsm principles
Basic gsm principlesSupper Mario
 
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core NetworkHamidreza Bolhasani
 
PLNOG 9: Piotr Wojciechowski - Multicast Security
PLNOG 9: Piotr Wojciechowski - Multicast Security PLNOG 9: Piotr Wojciechowski - Multicast Security
PLNOG 9: Piotr Wojciechowski - Multicast Security PROIDEA
 
Ussd call back or UCB
Ussd call back or UCBUssd call back or UCB
Ussd call back or UCBRawand Jaf
 
Gsm architecture
Gsm architectureGsm architecture
Gsm architecturesumit singh
 

Similar to How to Intercept a Conversation Held on the Other Side of the Planet (20)

Call flow oma000003 gsm communication flow
Call flow oma000003 gsm communication flowCall flow oma000003 gsm communication flow
Call flow oma000003 gsm communication flow
 
fdocuments.net_gsm-call-flows-5584455b2833e.ppt
fdocuments.net_gsm-call-flows-5584455b2833e.pptfdocuments.net_gsm-call-flows-5584455b2833e.ppt
fdocuments.net_gsm-call-flows-5584455b2833e.ppt
 
Kumar gunjan 20160213 mobile communication security
Kumar gunjan 20160213 mobile communication securityKumar gunjan 20160213 mobile communication security
Kumar gunjan 20160213 mobile communication security
 
Gsm
GsmGsm
Gsm
 
Gsm
GsmGsm
Gsm
 
Gsm training
Gsm trainingGsm training
Gsm training
 
395273802-GSM-Signaling.pdf
395273802-GSM-Signaling.pdf395273802-GSM-Signaling.pdf
395273802-GSM-Signaling.pdf
 
gsm operation
gsm operationgsm operation
gsm operation
 
Intelegent network.ppt
Intelegent network.pptIntelegent network.ppt
Intelegent network.ppt
 
Switching systems lecture7
Switching systems lecture7Switching systems lecture7
Switching systems lecture7
 
Introducing to LAC-CI
Introducing to LAC-CIIntroducing to LAC-CI
Introducing to LAC-CI
 
Gsm architecture and call flow
Gsm architecture and call flowGsm architecture and call flow
Gsm architecture and call flow
 
Telecom Security
Telecom SecurityTelecom Security
Telecom Security
 
Gsm overview
Gsm overviewGsm overview
Gsm overview
 
02 gsm hscsd_gprs
02 gsm hscsd_gprs02 gsm hscsd_gprs
02 gsm hscsd_gprs
 
Basic gsm principles
Basic gsm principlesBasic gsm principles
Basic gsm principles
 
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
2G / 3G / 4G / IMS / 5G Overview with Focus on Core Network
 
PLNOG 9: Piotr Wojciechowski - Multicast Security
PLNOG 9: Piotr Wojciechowski - Multicast Security PLNOG 9: Piotr Wojciechowski - Multicast Security
PLNOG 9: Piotr Wojciechowski - Multicast Security
 
Ussd call back or UCB
Ussd call back or UCBUssd call back or UCB
Ussd call back or UCB
 
Gsm architecture
Gsm architectureGsm architecture
Gsm architecture
 

More from Positive Hack Days

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesPositive Hack Days
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerPositive Hack Days
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesPositive Hack Days
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikPositive Hack Days
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQubePositive Hack Days
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityPositive Hack Days
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Positive Hack Days
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для ApproofPositive Hack Days
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Positive Hack Days
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложенийPositive Hack Days
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложенийPositive Hack Days
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application SecurityPositive Hack Days
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летPositive Hack Days
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиPositive Hack Days
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОPositive Hack Days
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке СиPositive Hack Days
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CorePositive Hack Days
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опытPositive Hack Days
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterPositive Hack Days
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиPositive Hack Days
 

More from Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release Notes
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows Docker
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive Technologies
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + Qlik
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQube
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps Community
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для Approof
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложений
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложений
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application Security
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 лет
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на грабли
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПО
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке Си
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опыт
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services Center
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атаки
 

Recently uploaded

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Recently uploaded (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

How to Intercept a Conversation Held on the Other Side of the Planet