Lurking underneath our increasingly mobile-connected world is a growing fraud problem -- one which exposes user data to security and privacy risks. Interconnect bypass fraud has been an issue within telecom networks ever since mobile phones were allowed to roam between countries. GSM gateways, also known as "simboxes," are one of the primary tools criminals use to conduct fraud on these networks.
In this talk, we'll explore how carriers and aggregators globally send your SMS and voice traffic through these IoT-based devices, which are not subject to any of the security or privacy requirements of critical infrastructure. However, these devices still handle our critical data -- both offering a profit opportunity for fraudsters and creating a privacy nightmare for mobile subscribers.
Then, we'll delve into the defensive devices dedicated to heuristic measurements, detection, and destruction of GSM gateways, and the retaliatory countermeasures employed to avoid detection, simulate real subscriber behavior, and outsmart the mobile network operators.
Next, we'll explore multiple GSM gateway vendors and the equipment they provide for legitimate -- and sometimes less-than-legitimate -- purposes. We'll examine how these systems operate and what actual security controls they provide for our voice and signaling data. While we expect stringent controls when data flows through network operators, can we hold the same expectation for these network elements operated in someone's basement?
Finally, I will propose new techniques to detect, map, and disable these devices remotely, as well as track the operators of these systems -- without the pitfalls of relying on heuristic measurements. With these methods, we can begin disrupting the $6b in fraudulent revenue running on the backs of flawed and vulnerable devices.