Attacks on Mobile Operators

Presented at DeepSec 2018 „I like to mov &6974,%bx“, Unknown date/time (Unknown duration)

I'd like to talk about telecom security. My research covers the security of mobile operators: classic and new (or very rare) attack vectors and vulnerabilities. This presentation will consist of three main parts.

First, I will share information on the security of mobile operators in general. I'll tell you a little bit about why it is important (usually, phone numbers are used as a key to social networks, messengers, bank accounts, etc.). So, if an attacker can hack a mobile operator, he can gain access to a large amount of user data and money. Also, in this part, I will tell you about typical SS7 attacks (how to intercept SMS or send fake ones).

During the second part, I will tell you about different vulnerabilities and security issues. All of the problems I will refer to were found in systems of mobile operators from Russia and the Ukraine. I will speak about the classic vulnerabilities I found (XSS, CSRF and HTTPS issues) that allow attackers to gain access to subscriber accounts through a mobile operator's site or application. Also, I will talk about authorisation issues (SMS codes, bruteforce, etc.). Then I will tell you about new attack vectors (or very rare ones): attacks via IVR (at call centers), problems in operator services that allow sending SMS from user numbers, and problems in operator applications (which allow attackers to intercept calls and SMS). I will also speak about attacks on SIM card change systems (how I can gain access to information that I can use to change SIM cards and gain access to calls and SMS). Of course, I will show demos and PoCs (images, video or real-time demonstration) of some attacks.

In the final part of the talk I will talk about post-exploitation. The main idea of this part is to show how I can use the vulnerabilities addressed in the second part of my talk to gain access to private data (including SMS content), intercept calls and SMS, send fake SMS, gain access to email, messenger, and social network accounts (using restore via SMS), steal money from bank accounts (using account restore or SMS banking), and for some other ideas.

Presenters:

  • Aleksandr Kolchanov
    Aleksandr Kolchanov is an independent security researcher and consultant, and a former penetration tester at a bank in Russia. He takes part in different bug bounty programs (PayPal, Facebook, Yahoo, Coinbase, Protonmail, Telegram, etc.) and holds first place in the Privatbank bug bounty program (one of the biggest banks in the Ukraine). Aleksandr also won the "Hack Internet-Bank" competition of PromSvazBank, Russia. He's interested in uncommon security issues, telecom problems, airline security and social engineering.
