Back to the Future. Cross-Protocol Attacks in the Era of 5G

Presented at Black Hat Asia 2020 Virtual, Oct. 2, 2020, 2:20 p.m. (40 minutes)

The state of mobile technologies can be baffling. We are already seeing deployment of 5G networks with astounding bandwidth and minimal latency. Yet, standards reliant on SS7, a technology developed in the 1970s, still continue to dominate. This mishmash of technologies, protocols, and standards in telecom has implications for security. Intruders are attacking mobile networks from all possible angles, in part by leveraging multiple protocols in combined attacks.

In this presentation, I will describe how an attacker can take advantage of vulnerabilities in different generations of signaling protocols. Access to the old SS7 signaling system is enough to manipulate data on newer-generation (4G/5G) networks. Moreover, an attacker can intercept voice calls on combined 2G/3G/4G networks, as well as commit fraud by subscribing random subscribers to VAS services.

All the scenarios described involve cross-protocol attacks: an attack starts with actions in one protocol that are continued by actions in a different one, requiring particular combinations of actions for the attack to succeed. The results of this research have not been published previously.


Presenters:

  • Sergey Puzankov - Telecom Security Expert, Positive Technologies
    Sergey Puzankov, Lead Security Researcher, Positive Technologies. Sergey has been working in the telecom industry for more than 18 years. As the Lead Security Researcher at Positive Technologies, he researches mobile operator security with a focus on signaling networks. Sergey has conducted research into by-design vulnerabilities in SS7 networks, discovered a number of critical vulnerabilities in mobile network equipment, and shown how an intruder is able to bypass mobile operators' protection measures. He is the author of many articles on telecom security. Sergey is also the general developer of the PT Telecom Vulnerability Scanner tool, a member of the PT Telecom Attack Discovery development team, and a writer of Positive Technologies' annual analytical reports. Apart from that, Sergey actively contributes discovered vulnerabilities and the results of security research to global organizations, such as GSMA and ITU, and shares knowledge with the telecom security community. Sergey has given talks at many conferences, such as DEFCON, Hack.Lu, HackInParis, LeHACK, HitCon Pacific, XCON, PHDays, and BSides.
