Presented at
DeepSec 2019 „Internet of Facts and Fears“,
Unknown date/time
(Unknown duration)
Mobile networks have gone through a decade of security improvements ranging from better GSM encryption to stronger SIM card and SS7 configurations. These improvements were driven by research at this and other hacking conferences.
Meanwhile, the networks have also mushroomed in complexity by integrating an ever-growing number of IT technologies from SIP to WiFi, IPSec, and most notably web technologies.
This talk illustrates the security shortcomings when merging IT protocols into mobile networks. We bring back hacking gadgets long thought to be mitigated, including intercepting IMSI catchers, remote SMS intercept, and universal caller ID spoofing.
We explore together which protection measures were forgotten in the mobile network and discuss how to best bring them over from the IT security domain into mobile networks.
Presenters:
-
Sina Yazdanmehr
- Security Research Labs
Sina Yazdanmehr is a penetration tester and information security consultant. Since 2009, he has worked for different security firms and CERT, developing a strong expertise in web and mobile applications security. His research about Android fingerprint authentication security and JavaScript deobfuscation has been presented at security conferences. Recently, his expertise extended to mobile networks security, discovering issues that will be presented at this conference.
-
Luca Melette
- Security Research Labs
Luca Melette is a security researcher with focus on all sorts of telecommunication networks.
In the past years, together with Karsten Nohl, he discovered and disclosed several security vulnerabilities in mobile networks, from low-cost radio attacks to more sophisticated interconnect abuse.
Luca's one of the maintainers of the website gsmmap.org and the related mobile app SnoopSnitch.
Links:
Similar Presentations: