SimBox Security: Fraud, Fun and Failure

Presented at TROOPERS17 (2017), March 20, 2017, 1:30 p.m. (Unknown duration).

Sim-boxes have been around for quite some time, and they tend to skirt and bridge the gap between traditional enterprise IT systems used for legitimate purposes, telecom systems meant for the domain of only the telecom engineer, and of course systems run for fraud, costing MNOs as much as 6% of their profit annually and promising thousands of dollars in daily return for their operators.

They are legal in some countries and not others! They can be set up with PBXs or used entirely on their own! There is a separate industry dedicated to heuristic measurement, detection and neutralisation of sim-boxes, and a counter-industry designed to avoid detection devices, simulate real subscriber behaviour and outsmart the operators!

But what are these devices, and if we were to look at them from a security perspective, what controls do they have to keep your data safe? (For all you know, international messages and calls that you make could very possibly have been routed through sim-boxes!)

This talk examines two popular sim-box vendors and the equipment they provide for real legitimate and sometimes less legitimate use. How do these systems operate, and what actual security controls do they provide for our voice and signaling data? After all, we expect stringent controls when the data flows through the operators, but what about these elements that are operated in someone's back room?

Come and get a view into a world where enterprise IT systems and critical infrastructure telecom elements cross over, and absolutely no assurances are given for that $6 a minute international call!


Presenters:

  • Vladimir Wolstencroft
    Vladimir Wolstencroft is a senior security consultant now specialising in telecom auditing and training with P1 Security in France. Transitioning from a career in development, cyber security consulting and research, Vlad now focuses on telecom systems and architectures, taking some of the standard IT security principles and integrating them into the telco world. Vlad has previously presented security talks at Troopers, NZITF, H2HC, Daycon and ISACA NZ, and training sessions at HITB, on a range of subjects from mobile security and telecom security to conducting research within a legal and lawful (mostly) framework. With wide experience in consulting, training and some development, Vladimir enjoys all aspects of the security field and, even more so, the sharing of good stories with you.
