Mobile Network Hacking, IP Edition

Presented at Black Hat Europe 2019, Dec. 4, 2019, 12:10 p.m. (50 minutes).

Mobile networks have gone through a decade of security improvements ranging from better GSM encryption to stronger SIM card and SS7 configurations. These improvements were driven by research at this and other hacking conferences.

Meanwhile, the networks have also mushroomed in complexity by integrating an ever-growing number of IT technologies from SIP to WiFi, IPSec, and most notably web technologies.

This talk illustrates the security shortcomings when merging IT protocols into mobile networks. We bring back hacking gadgets long thought to be mitigated, including intercepting IMSI catchers, remote SMS intercept, and universal caller ID spoofing.

We explore which protection measures are missing from the mobile network and discuss how to best bring them over from the IT security domain into mobile networks.


Presenters:

  • Luca Melette - Chief Hacker, Security Research Labs
    Luca Melette is a security researcher with focus on mobile networks. He discovered and disclosed several security vulnerabilities in 2G/3G networks, from low-cost radio attacks to more sophisticated SS7 abuse. Luca maintains the website gsmmap.org and the related mobile app SnoopSnitch that enable comparison of mobile networks world-wide.
  • Karsten Nohl - Chief Scientist, Security Research Labs
    Karsten Nohl is a cryptographer and security researcher. He likes to test security assumptions in proprietary systems and typically breaks them. His professional work includes support of Reliance Jio, the fastest growing telco in the world.
  • Sina Yazdanmehr - Security Researcher, Security Research Labs
    <p class="p1"><span class="s1">Sina Yazdanmehr is a penetration tester and information security researcher. Since 2009, he has worked for different security firms and CERT, developing a strong expertise in web and mobile applications security. His research about Android fingerprint authentication security and JavaScript deobfuscation has been presented at security conferences. Recently, his expertise extended to mobile networks security, discovering issues that will be presented at this conference.</span></p>

Links:

Similar Presentations: