Attacks On GSM Networks

Presented at DeepSec 2013 „Secrets, Failures, and Visions“, Unknown date/time (Unknown duration).

Recent years saw a significant increase of research in GSM attacks: The weaknesses of A5/1 encryption have been demonstrated and exploited, several GPRS networks in Europe have been shown to be insecure, and an ever-growing number of Open Source projects in the area of GSM and GPRS are gaining significant attraction. Despite the availability of attack methods, the tools are often hard to use for security professionals due to their limited documentation. The published attacks are often difficult to reimplement when assessing the vulnerability of GSM networks. This two-day workshop will spend about half the time re-visiting the key aspects of GSM's security features and their publicly known weaknesses. During the other half, attention is being paid to the hands-on practical sessions, where attendees will be walked through how to use the various tools for GSM security analysis like OsmocomBB, OpenBSC, airprobe, SIMtrace and others. All tools will be provided pre-compiled and pre-installed on a USB flash drive with a Linux-based live distribution. The target audience of this workshop are GSM network operators and IT security professionals. As attendee, you should be familiar with working on a Linux/Unix command line shell. Prior knowledge of GSM/GPRS network architecture is a plus, but not absolutely necessary.

Presenters:

  • Dieter Spaar - Independent Researcher & HMW-Consulting
    Dieter Spaar is a self-employed software developer and consultant with more than 25 years of experience in system-level and embedded development on a variety of architectures. In the last couple of years, he has been a key figure in the GSM research area. In 2008, he first co-presented on the subject of running small independent GSM networks for research use. At DeepSec 2009, he first demonstrated his implementation of the so-called RACH DoS attack. Harald Welte is a freelancer, consultant, enthusiast, freedom fighter and hacker who is working with Free Software (and particularly the Linux kernel) since 1995. After having worked extensively in the area of IP network security where he co-authored netfilter/iptables, he has been researching non-IP communications protocols and systems such as RFID, DECT, GSM and TETRA. He is involved in the development of almost all the tools discussed in this workshop.
  • Harald Welte - Independent Researcher & HMW-Consulting
    Dieter Spaar is a self-employed software developer and consultant with more than 25 years of experience in system-level and embedded development on a variety of architectures. In the last couple of years, he has been a key figure in the GSM research area. In 2008, he first co-presented on the subject of running small independent GSM networks for research use. At DeepSec 2009, he first demonstrated his implementation of the so-called RACH DoS attack. Harald Welte is a freelancer, consultant, enthusiast, freedom fighter and hacker who is working with Free Software (and particularly the Linux kernel) since 1995. After having worked extensively in the area of IP network security where he co-authored netfilter/iptables, he has been researching non-IP communications protocols and systems such as RFID, DECT, GSM and TETRA. He is involved in the development of almost all the tools discussed in this workshop.

Links:

Similar Presentations: