Mobile Interconnect Threats: How Next-Gen Products May be Already Outdated

Presented at Black Hat USA 2019, Aug. 8, 2019, 9 a.m. (25 minutes)

"Walled garden" used to be the security principle backing SS7 networks. This is no longer the case, and some attackers may benefit from access to these networks to leverage mobile network functions: geolocation, access to subscriber's profile, interception of communications. Mobile network operators now deploy new equipments to detect attacks and protect their customers. These new equipments are expected to be robust against wild traffic and safe. We describe in this talk vulnerabilities we have discovered and what we look into when assessing security of such products.


Presenters:

  • Guillaume Teissier - security researcher, Orange Group
    Guillaume Teissier is a French security researcher working for Orange Group. His main activities are penetration tests and audits on Telco infrastructure and services. He has found several vulnerabilities, which have been responsibly disclosed, on various products, like CVE-2018-7364 (ZTE IN), CVE-2017-10617 (Juniper Contrail), or CVE-2016-6271 (bzrtp). He has given talks at SSTIC 2018 and Troopers TSD 2019.

Links:

Similar Presentations: