Effective SS7 protection ITU Workshop on SS7 Security, June 29 th 2016

Size: px
Start display at page:

Download "Effective SS7 protection ITU Workshop on SS7 Security, June 29 th 2016"

Transcription

1 Effective SS7 protection ITU Workshop on SS7 Security, June 29 th 2016 Luca Melette SRLabs Template v12

2 Motivation: Operators and their users still vulnerable to SS7 attacks

3 Agenda 3 attack scenarios 10 attack messages 4 defense measures 3

4 SS7 enables mobile abuse on different frontiers Attacker objective A Tracking Find subscriber s whereabouts B C Intercept Fraud Listen to calls, read short messages, intercept Internet traffic Make illegitimate calls/send SMS; disable usage limits 4

5 A Tracking through ATI has become commonplace Phone number (MSISDN) Subscriber location (LAC or Cell ID or GPS) AnytimeInterrogation 5

6 AnytimeInterrogation is blocked now in a lot of places. Tracking still works, though! 6

7 A Accurate tracking is possible with standard messages Shown in 60 Minutes Attack Probe MSC for subscriber location MSC HLR STP Attacker LAC/CID database SRI-SM [MSISDN] ACK [MSC, IMSI] Variant: Start here and send PSI to all MSCs PSI [IMSI] ACK [LAC,CID] 7

8 A Tracking can happen using many more signaling messages Send to phone number or all HLRs or directly to MSC Phone number (MSISDN) Subscriber location (LAC or Cell ID or GPS) AnytimeInterrogation SRI/-SM IMSI & MSC Impersonate HLR towards MSC: SendIMSI Brute-force all MSCs ProvideRN InsertSubData ForwardSM SRI-GPRS IMSI MSC PSI PSL 8

9 B Remote intercept is possible through Camel Shown in 60 Minutes Attack Rewrite numbers over Camel 2. Phone calls, is called, or sends an SMS MSC Call out Call in SMS out 1.InsertSubscriber- Data(Camel server) sets triggering points 3. Sends destination number to Camel server for verification SMS in Call intercept works for all Camel versions SMS intercept requires Camel v3 SS7 STP 4. Corrects number gsmscf Attacker MITM server 5.Connects call or sends SMS to attacker 9

10 B Location update also achieves remote intercept Shown in 60 Minutes Attack Register as subscriber HLR Real MSC Attacker MSC Call out Call in UpdateLocation [IMSI] SMS out SMS in Connects all incoming calls and SMS Forward call/sms to reach subscriber 10

11 C Selective denial-of-service is possible remotely Signaling message CancelLocation DeleteSubData InsertSubData PurgeMS Send to MSC MSC MSC HLR Effect For some phones: No service until reboot Nothing works until next LU No Incoming SMS / Calls 11

12 Agenda 3 attack scenarios 10 attack messages 4 defense measures 12

13 SS7 attacks are happening across the words Some Thousands Millions Observed attacks [GSMA FASG reports] Attack message Orange 22 countries Vodafone 19 cntrs Deutsche Telekom (Germany) NTT (Japan) 1. ATI 2. SRI-(SM) Tracking 3. PSI? 4. PSL? - 5. SendIMSI Remote intercept 6. ActivateSS 7. Update location 8. ISD? No measurements reported to the FASG so far Fraud 9. DSD 10. SendID 13

14 Attacks originate in a diverse set of networks Attacking network Africa Middle East South America Other Orange Vodafone Deutsche Telekom Morocco Seychelles Gabon Egypt Madagascar Ghana Niger Morocco Seychelles Ethiopia Morocco Nigeria NTT Ethiopia Saudi Arabia Qatar Qatar Qatar Iran Iran Oman Bolivia Peru Chile Mexico Bolivia Peru UK Albania Bosnia China 14

15 Agenda 3 attack scenarios 10 attack messages 4 defense measures 15

16 An SS7 firewall is necessary to defend from advanced attacks Defense Drop these messages Messages 1. ATI Where 1 Block 2. SRI 5. SendIMSI STP 10.SendID Re-route Home-routing + IMSI obfuscation 2. SRI-SM 2 HLR Check origin Check location Compare GT and IMSI: Is the operator asking about their own subscriber? Compare GT with subscriber location: Is your subscriber in that country? 3. PSI 8. ISD 9. DSD 6. ActivateSS 7. UpdateLoc 3 Simple SS7 firewall State-full SS7 firewall -orsimple firewall + ATI 4 + Monitor, Monitor, Monitor! 16

17 Take away It s about time to solve 99% of the current SS7 problem by addressing 3 attack scenarios (Track, Intercept, Fraud)... which rely on 10 SS7 messages... that we can rejected using just 4 defense measures: STP, HLR, SS7 Firewall, and Monitoring! Questions? Luca Melette <luca@srlabs.de> 17

18 18

19 Protection from SS7 threats varies; can be improved Exposure scan available from SRLabs Threat category Unprotected Standard attacks prevented Illustrative Advanced attacks prevented A B C Tracking Remotely query subscriber location Intercept Read SMS or listen to calls, locally or remotely Denial-of-service Remotely disrupt subscribers service D Fraud Add premium number charges to bill E Spam Subscribers with SMS $Operator protection level 19

20 B Local and remote intercept is enabled through various signaling messages Objective Attack path Local intercept (calls and SMS; in and out) Passive intercept (2G/3G) Fake base station (2G/3G) Intercepted calls/sms including IMSI Attacked phone; IMSI SendIdentification SendIdentification SendAuthInfo Encryption key Authentication & encryption key Remote intercept (starting from IMSI + MSC) Calls (incoming) Calls (in & out) Phone number Phone number SS_activate UpdateLocation InsertSubscriberData (expires with LU) Receive call and forward to correct MSC (or do SS_erase) Man-in-the-middle -or- Spoof voic and forward later SMS (incoming) Phone number UpdateLocation Receive (and forward) SMS RestoreData Find phone number IMSI Update- Location InsertSubscriber- Data MSISDN 20

21 Not all SS7 attacks can simply be blocked Abuse scenario 1 Local passive intercept Example SS7 attack message SendIdentification Mitigation effort Easy Block message at network boundary 2 3 IMSI Catcher Rerouting attacks SendAuthenticationInfo SS_activate/register UpdateLocation Camel messages (Probably others) More complex Messages are required for operations, need to be plausibility-checked 21

22 STP is the central instance for SS7 filtering Interconnect Core network Roaming partners SCP Other networks SCCP carriers STP MSC HLR Attacker SMSC Attacker strategy STP defense Impersonate interconnect partners Address target elements by GT or SSN Issue unexpected MAP commands Block. Verify that CgPA belongs to a trusted partner L3 Firewall. Enforce GT / SSN relationships L7 Firewall. Enforce MAP / GT relationships 22

Trojans in SS7 - how they bypass all security measures

Trojans in SS7 - how they bypass all security measures Sergey Puzankov Trojans in SS7 - how they bypass all security measures ptsecurity.com SS7 in the 20 th century SCP STP STP SSP SCP SSP STP PSTN STP SSP SS7 (Signaling System #7): a set of telephony protocols

More information

Mobile network security report: Ukraine

Mobile network security report: Ukraine Mobile network security report: Ukraine GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin June 2017 Abstract. Mobile networks differ widely in their protection capabilities against common

More information

Mobile operators vs. Hackers: new security measures for new bypassing techniques

Mobile operators vs. Hackers: new security measures for new bypassing techniques Sergey Puzankov Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com SS7 in the 20 th century SCP STP STP SSP SCP SSP STP PSTN STP SSP SS7 Signaling System #7,

More information

GSM security country report: Estonia

GSM security country report: Estonia GSM security country report: Estonia GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin September 2014 Abstract. GSM networks differ widely in their protection capabilities against common

More information

GSM security country report: Thailand

GSM security country report: Thailand GSM security country report: Thailand GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin February 2013 Abstract. GSM networks differ widely in their protection capabilities against common

More information

MAP - Mobile Application Part

MAP - Mobile Application Part - Mobile Application Part Mobility Management in GSM GSM services Short Message Service CAMEL = IN+GSM integration Raimo Kantola/ k2001 Telecommunications Switching Technology I 17-1 Course scope - lecture

More information

Communication Networks 2 Signaling 2 (Mobile)

Communication Networks 2 Signaling 2 (Mobile) Communication Networks 2 Signaling 2 (Mobile) Gusztáv Adamis BME TMIT 2017 GSM signaling Signaling of GSM is based on the ISDN signaling systems SS7/DSS1 But, because of mobility, roaming, radio access

More information

TSGS#27(05)0138. Technical Specification Group Services and System Aspects Meeting #27, March 2005, Tokyo, Japan

TSGS#27(05)0138. Technical Specification Group Services and System Aspects Meeting #27, March 2005, Tokyo, Japan Technical Specification Group Services and System Aspects Meeting #27, 14-17 March 2005, Tokyo, Japan TSGS#27(05)0138 Source: SA WG3 Title: Three CRs to TS 33.200 (Rel-6) Document for: Approval Agenda

More information

Positive Technologies Telecom Attack Discovery DATA SHEET

Positive Technologies Telecom Attack Discovery DATA SHEET Positive Technologies Telecom Attack Discovery DATA SHEET PT TELECOM ATTACK DISCOVERY DATA SHEET CELLULAR NETWORK SECURITY COMPLICATIONS As is shown in the network analysis performed by Positive Technologies

More information

Understanding IMSI Privacy!

Understanding IMSI Privacy! Understanding IMSI Privacy Ravishankar Borgaonkar TU Berlin Swapnil Udar Aalto University Email: darshak@sec.t-labs.tu-berlin.de Blackhat USA 2014, Las Vegas, 7 th August 2014 Overview Unresolved Privacy

More information

Outstanding Communications Solutions. Root Canal. A new class of SS7 vulnerabilities

Outstanding Communications Solutions. Root Canal. A new class of SS7 vulnerabilities Outstanding Communications Solutions Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design Acknowledged signalling vulnerabilities The root problem Mitigation The signaling band-aid

More information

Fractured Backbones Incidents Detection and Forensics in Telco Networks

Fractured Backbones Incidents Detection and Forensics in Telco Networks Dmitry Kurbatov Sergey Puzankov Vladimir Kropotov Fractured Backbones Incidents Detection and Forensics in Telco Networks ptsecurity.com About us Joint research of Incident Response and Telco Security

More information

10 Call Set-up. Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up.

10 Call Set-up. Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up. 10 Call Set-up Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up. 10.1 INTRODUCTION... 2 10.2 CALL TO MS (MT)... 3 10.3 CALL FROM MS

More information

Taking Over Telecom Networks

Taking Over Telecom Networks Taking Over Telecom Networks Hardik Mehta (@hardw00t) Loay Abdelrazek (@sigploit) Taking Over Telecom Networks - Hardik Mehta (@hardw00t) and Loay Abdelrazek (@sigploit) 1 Press Release: some highlights

More information

Mobile Security Fall 2013

Mobile Security Fall 2013 Mobile Security 14-829 Fall 2013 Patrick Tague Class #4 Telecom System Security General Vulnerabilities Service interruption vulnerabilities Due to increased capacity offered by high speed communication

More information

MOBILE NUMBER PORTABILITY IN SWITZERLAND (NETWORK-NETWORK-INTERFACE SPECIFICATION)

MOBILE NUMBER PORTABILITY IN SWITZERLAND (NETWORK-NETWORK-INTERFACE SPECIFICATION) Page 1 of 18 MOBILE NUMBER PORTABILITY IN SWITZERLAND (NETWORK-NETWORK-INTERFACE SPECIFICATION) AUTHOR Document Release History OSCAR FURRER Version No. Release Date Purpose Draft 1.0 17 December 1998

More information

IS-13 TOPS Special Solicitation Volume Report

IS-13 TOPS Special Solicitation Volume Report IS-13 TOPS Special Solicitation Volume Report SS CHANNEL CoS To/From RATE AREAS Volume WT (lbs) COUNTRY US2517770 to/from AE 6 7,51 United Arab Emirates US2517770 to/from AG 1 335 Algeria US2517770 to/from

More information

Enterprise price plan guide Vodafone One Net Business

Enterprise price plan guide Vodafone One Net Business This Price Plan Guide applies to the price plans and is incorporated into the Commercial Terms between Vodafone and Customer and, together with the One Net General Terms and Conditions and Mobile Service

More information

SS7. Mercantec H2 2009

SS7. Mercantec H2 2009 SS7 Mercantec H2 2009 Common Channel Signaling System No. 7 basic call setup, management, and tear down wireless services such as personal communications services (PCS), wireless roaming, and mobile subscriber

More information

Cyber Security Threats to Telecom Networks. Rosalia D Alessandro Hardik Mehta Loay Abdelrazek

Cyber Security Threats to Telecom Networks. Rosalia D Alessandro Hardik Mehta Loay Abdelrazek Cyber Security Threats to Telecom s Rosalia D Alessandro Hardik Mehta Loay Abdelrazek Press Release: some highlights Cyber Security Threats to Telecom s - Rosalia D Alessandro, Hardik Mehta and Loay Abdelrazek

More information

THREATS TO PACKET CORE SECURITY OF 4G NETWORK

THREATS TO PACKET CORE SECURITY OF 4G NETWORK 07 CONTENTS Terms and abbreviations... : main components and protocols...4 Attack scenarios...5 What is necessary for a successful attack...5 Threats to EPC security...7. Fraud...7. Connection hijacking...8.

More information

Mavenir Keynote. Think Smarter Secure communication Innovate Services. By Mohamed Issa Regional Head of Africa Sales

Mavenir Keynote. Think Smarter Secure communication Innovate Services. By Mohamed Issa Regional Head of Africa Sales Mavenir Keynote Think Smarter Secure communication Innovate Services By Mohamed Issa Regional Head of Africa Sales The New Mavenir: Combining Market Leaders Combing three industry-leading companies to

More information

DataKom Vodafone Mobile Tariff Minimum 30 day end of month notice cancellation - Subject to contract. DataKom O2 Mobile Tariff. All prices exclude VAT

DataKom Vodafone Mobile Tariff Minimum 30 day end of month notice cancellation - Subject to contract. DataKom O2 Mobile Tariff. All prices exclude VAT DataKom Vodafone Mobile Tariff Minimum 30 day end of month notice cancellation - Subject to contract Data Bolt-Ons 3GB Data Bolt-on Voda Vodafone - 3Gb data 5GB Data Bolt-on Voda Vodafone - 5Gb data 7.00

More information

TELECOMMUNICATION SYSTEMS

TELECOMMUNICATION SYSTEMS TELECOMMUNICATION SYSTEMS By Syed Bakhtawar Shah Abid Lecturer in Computer Science 1 SS7 Network Architecture SS7 can employ different types of signaling network structures. The worldwide signaling network

More information

GSMK. Cryptography Network Security. GSMK Oversight SS7 Firewall and Intrusion Detection System

GSMK. Cryptography Network Security. GSMK Oversight SS7 Firewall and Intrusion Detection System Cryptography Network Security GSMK Firewall and Intrusion Detection System GSMK Firewall and intrusion detection system to prevent attacks via interconnect. Protect your Network s Achilles Heel. With the

More information

3GPP TS V7.0.0 ( )

3GPP TS V7.0.0 ( ) TS 29.120 V7.0.0 (2007-06) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Core Network; Mobile Application Part (MAP) specification for (Release 7) The present

More information

Enterprise price plan guide Vodafone One Net Business

Enterprise price plan guide Vodafone One Net Business This Price Plan Guide applies to the price plans and is incorporated into the Commercial Terms between Vodafone and Customer and, together with the One Net General Terms and Conditions and Mobile Service

More information

PLEASE NOTE: firms may submit one set of research questionnaires covering both China and Hong Kong or separate sets for each jurisdiction

PLEASE NOTE: firms may submit one set of research questionnaires covering both China and Hong Kong or separate sets for each jurisdiction Americas Argentina (Banking and finance; Capital markets; M&A; Project development) Bahamas (Financial and corporate) Barbados (Financial and corporate) Bermuda (Financial and corporate) Bolivia (Financial

More information

The telephone supports 2 SIM cards. All functions are available for both SIM cards and have independent settings.

The telephone supports 2 SIM cards. All functions are available for both SIM cards and have independent settings. Samsung C6112 telephone for protection of conversations against control via a GSM service provider as well as via active and semi-active GSM interception complexes, catchers. The telephone supports 2 SIM

More information

Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or tshark) and Snort

Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or tshark) and Snort Analysis of attacks / vulnerabilities SS7 / Sigtran using Wireshark (and / or tshark) and Snort Madrid, March 2018. By: Alejandro Corletti Estrada (acorletti@darfe.es - acorletti@hotmail.com) INDEX 1.

More information

Liberalisation and User Driven

Liberalisation and User Driven Liberalisation and User Driven Innovation in Africa Sam Paltridge, OECD Liberalisation enabled access growth Fixed and Mobile Subscriptions per 100 inhabitants in Low income countries 30 25 20 15 Global

More information

PRIMARY SECURITY THREATS FOR SS7 CELLULAR NETWORKS

PRIMARY SECURITY THREATS FOR SS7 CELLULAR NETWORKS PRIMARY SECURITY THREATS FOR SS7 CELLULAR NETWORKS PRIMARY SECURITY THREATS FOR SS7 CELLULAR NETWORKS Contents Introduction...3 1. Research Methodology...4 2. Summary...5 3. Participant Profile...5 4.

More information

@First Anti Fraud Interconnect Roaming & Security of Transactions

@First Anti Fraud Interconnect Roaming & Security of Transactions @First Anti Fraud Interconnect Roaming & Security of Transactions Pierre Paufique, Vice President Customer Service Operations & Fraud, Cost and Revenue Assurance, International Carriers, Orange agenda

More information

ETSI TS V3.0.0 ( )

ETSI TS V3.0.0 ( ) TS 129 120 V3.0.0 (2000-03) Technical Specification Universal Mobile Telecommunications System (UMTS); Mobile Application Part (MAP) specification for Gateway Location Register (); Stage 3 (3G TS 29.120

More information

GSM Open-source intelligence

GSM Open-source intelligence GSM Open-source intelligence Kenneth van Rijsbergen 1 1 MSc System and Network Engineering Faculty of Science University of Amsterdam 30 June 2016 Kenneth van Rijsbergen University of Amsterdam GSM OSINT

More information

The Next Generation Signaling Transfer Point

The Next Generation Signaling Transfer Point The Next Generation Signaling Transfer Point Overview As the Global network is undergoing immense changes and the Next-Generation IP networks become a reality, it signals an evolution towards using Internet

More information

HLR Configuration Mode Commands

HLR Configuration Mode Commands The HLR Configuration Mode is a sub-mode derived from the MAP Configuration Mode which controls the MAP service configuration. It is the MAP service that provides the application-layer protocol support

More information

Addressing Geoff Huston APNIC

Addressing Geoff Huston APNIC Addressing 2015 Geoff Huston APNIC The Addressing View Addressing V4 Exhaustion We have been predicting that the exhaustion of the free pool of IPv4 addresses would eventually happen for the past 25 years!

More information

MNPTF PT2. NPM2V1F 17 july Mobile Number Portability Task Force : PT2 : Network Architecture and Signalling

MNPTF PT2. NPM2V1F 17 july Mobile Number Portability Task Force : PT2 : Network Architecture and Signalling NPM2V1F 17 july 2001 Mobile Number Portability Task Force : PT2 : Network Architecture and Signalling HISTORY Date Version Evolution 27/02/2001 V11 Creation of draft version 16/03/2001 V20 Update of draft

More information

Spoka Meet Audio Calls Rates Dial-In UK

Spoka Meet Audio Calls Rates Dial-In UK Spoka Meet Audio Calls Rates Dial-In UK Country Toll/Toll Free Landline/Mobile GBP Argentina Toll Landline 0 Australia Toll Landline 0 Austria Toll Landline 0 Bahrain Toll Landline 0 Belgium Toll Landline

More information

Prototyping and evaluation of TCAPsec

Prototyping and evaluation of TCAPsec Department of Computer Science Kang Chung Prototyping and evaluation of TCAPsec Degree Project of 20 credit points Master s in Computer Science and Engineering Date: 2006-02-01 Supervisor: Katarina Asplund

More information

GPRS security. Helsinki University of Technology S Security of Communication Protocols

GPRS security. Helsinki University of Technology S Security of Communication Protocols GPRS security Helsinki University of Technology S-38.153 Security of Communication Protocols vrantala@cc.hut.fi 15.4.2003 Structure of the GPRS Network BSS GTP PLMN BSS-Base Station sub-system VLR - Visiting

More information

E N H A N C E D F R A U D D E T E C T I O N U S I N G S I G N A L I N G. W U G M a l a y s i a

E N H A N C E D F R A U D D E T E C T I O N U S I N G S I G N A L I N G. W U G M a l a y s i a E N H A N C E D F R A U D D E T E C T I O N U S I N G S I G N A L I N G W U G M a l a y s i a 2 0 1 7 CONTACTS NUNO PESTANA FRAUD PROFESSIONAL SERVICES MANAGER +351 939 651 481 nuno.pestana@wedotechnol

More information

CONTENTS. Subscriber denial of service...9 Causes of vulnerabilities Recommendations for protection Conclusion... 13

CONTENTS. Subscriber denial of service...9 Causes of vulnerabilities Recommendations for protection Conclusion... 13 DIAMETER VULNERABILITIES EXPOSURE REPORT 2018 DIAMETER VULNERABILITIES EXPOSURE REPORT 2018 CONTENTS Introduction...3 Terms and definitions...3 Executive summary...4 Materials and methods...4 Client snapshot...5

More information

Mega Event Testing Methodologies and benefits explained with examples from FIFA Florian Leeder

Mega Event Testing Methodologies and benefits explained with examples from FIFA Florian Leeder Mega Event Testing Methodologies and benefits explained with examples from FIFA 2018 Florian Leeder SIGOS Entire Solutions for Business Optimization Technical Perspective in Business Assurance Active Testing

More information

Interworking Internet Telephony and Wireless

Interworking Internet Telephony and Wireless Interworking Internet Telephony and Wireless Telecommunications Networks Bell Laboratories & Columbia University lennox@{bell-labs.com,cs.columbia.edu} Kazutaka Murakami, Mehmet Karaul, Thomas F. La Porta

More information

Ghost Telephonist. Link Hijack Exploitations in 4G LTE CS Fallback. Yuwei ZHENG, Lin HUANG, Qing YANG, Haoqi SHAN, Jun LI

Ghost Telephonist. Link Hijack Exploitations in 4G LTE CS Fallback. Yuwei ZHENG, Lin HUANG, Qing YANG, Haoqi SHAN, Jun LI Ghost Telephonist Link Hijack Exploitations in 4G LTE CS Fallback Yuwei ZHENG, Lin HUANG, Qing YANG, Haoqi SHAN, Jun LI UnicornTeam, 360 Technology July 27, 2017 Who We Are? 360 Technology is a leading

More information

Out of Bundle Vodafone

Out of Bundle Vodafone Out of Bundle Vodafone Out of Bundle Charges - Vodafone The following charges apply once you have used your allowance, or if you call/text/browse outside of your allowance: Standard UK call charges Cost

More information

MAP Service Configuration Mode Commands

MAP Service Configuration Mode Commands Mobile Application Part (MAP) is a protocol which provides an application layer for the various nodes in the core mobile network and GPRS and UMTS core network to communicate with each other in order to

More information

Shell Global Helpline - Telephone Numbers

Shell Global Helpline - Telephone Numbers Shell Global Helpline - Telephone Numbers The Shell Global Helpline allows reports to be submitted by either a web-based form at or by utilising one of a number of telephone lines that will connect you

More information

Telephony Fraud and Abuse. Merve Sahin

Telephony Fraud and Abuse. Merve Sahin Telephony Fraud and Abuse Merve Sahin sahin@eurecom.fr Background 2 Telephony Networks Quick history 1870s: Plain Old Telephone System (POTS) Enabled by transmission of voice over copper lines Used in-band

More information

Marcus Wong

Marcus Wong Security Implications and Considerations for Femtocells Marcus Wong mwong@huawei.com www.huawei.com HUAWEI TECHNOLOGIES Co., Ltd. Agenda Introduction Architecture Latest attack Overview Threats and attacks

More information

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:

More information

VCL-NetProbe Product Brochure & Data Sheet

VCL-NetProbe Product Brochure & Data Sheet Product Brochure & Data Sheet Spectrum Communications E-mail: sales@spectrummea.com Website: http://www.spectrummea.com Index INDEX S.No. Particulars Pg.No. 1. Introduction 3 2. Features 4 3. Application

More information

SMS Inspector Product Overview

SMS Inspector Product Overview SMS Inspector Product Overview Detect SMS Spam and Fraud with the passive, non-intrusive SMS Network Analyzer. Move forward with the first world-wide IMS-ready analyzer tool. 1 Solution Overview The SMS

More information

HAUD SYSTEMS PRODUCT AND SERVICES PORTFOLIO

HAUD SYSTEMS PRODUCT AND SERVICES PORTFOLIO HAUD SYSTEMS PRODUCT AND SERVICES PORTFOLIO 1 CONTENTS ABOUT HAUD SYSTEMS 04 WHO WE ARE 06 THE HAUD SOLUTION 08 RANGE OF MODULES 09 INTERACTING WITH HAUD 16 HAUD S SERVICE PORTFOLIO 17 TRAFFIC PROFILING

More information

3GPP TS V6.0.0 ( )

3GPP TS V6.0.0 ( ) TS 23.066 V6.0.0 (2004-12) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Core Network; Support of Mobile Number Portability (MNP); Technical realization; Stage

More information

COPYRIGHTED MATERIAL. Global System for Mobile Communications (GSM) 1.1 Circuit-Switched Data Transmission

COPYRIGHTED MATERIAL. Global System for Mobile Communications (GSM) 1.1 Circuit-Switched Data Transmission 1 Global System for Mobile Communications (GSM) At the beginning of the 1990s, GSM, the Global System for Mobile Communications triggered an unprecedented change in the way people communicate with each

More information

Mobile Security Fall 2012

Mobile Security Fall 2012 Mobile Security 14-829 Fall 2012 Patrick Tague Class #5 Telecom Infrastructure Attacks Announcements Project teams and topics need to be set soon Project topics must be approved before the proposal can

More information

Three kinds of number portability

Three kinds of number portability Number Portability Three kinds of number portability Location portability: a subscriber may move from one location to another location without changing his or her telephone number Service portability:

More information

Subscriber Data Management

Subscriber Data Management Subscriber Data Management XML Notifications-XML Interface Description 910-6553-001 Revision C September 2013 Copyright 2012 2013 Tekelec. All Rights Reserved. Printed in USA. Legal Information can be

More information

HLR Configuration Mode Commands

HLR Configuration Mode Commands The HLR Configuration Mode is a sub-mode derived from the MAP Configuration Mode which controls the MAP service configuration. It is the MAP service that provides the application-layer protocol support

More information

Information Technology Mobile Computing Module: GSM Handovers

Information Technology Mobile Computing Module: GSM Handovers Information Technology Mobile Computing Module: GSM Handovers Learning Objectives Recap of previous modules Basic functions of Network Sub System Entities that form NSS namely MSC,GMSC,HLR and VLR Functions

More information

A Guide to our Tariffs

A Guide to our Tariffs A Guide to our Tariffs 2018 Home Phone and Broadband charges All call prices shown are in pence per minute; chargeable calls are subject to a call set-up fee of 16.8p except where otherwise stated Fixed

More information

No Purchase needed

No Purchase needed www.dialntalk.co.uk No Purchase needed About DialnTalk DialnTalk is the instant dial service developed to offer you easy to use low cost international telephone calls. Our aim is to provide a hassle free

More information

GSM Interception IMSI Catcher and Voice Interception

GSM Interception IMSI Catcher and Voice Interception GSM Interception IMSI Catcher and Voice Interception Part of the product line Product overview go2intercept passive: GSM interception Passive, massive, of the air. (page 3-4) go2intercept active basic:

More information

Alternative phone number: Credit card/debit card number Expiry date: / / DD MM YYYY

Alternative phone number: Credit card/debit card number Expiry date: / / DD MM YYYY Enterprise application form - Employee Standard BMP Plans Step 1: Fill out your personal information Name (as in passport): Company name: Email ID: Office address: Nationality: Employee ID: Alternative

More information

OTT - THREAT OR OPPORTUNITY FOR AFRICAN TELCOS? DR CHRISTOPH STORK

OTT - THREAT OR OPPORTUNITY FOR AFRICAN TELCOS? DR CHRISTOPH STORK OTT - THREAT OR OPPORTUNITY FOR AFRICAN TELCOS? DR CHRISTOPH STORK MOBILE BROADBAND Mobile broadband (2.5G and 3G) and declining smart phone prices have lead to a rapid increase in Internet use Computer

More information

We Know Where You Are!

We Know Where You Are! 2016 8th International Conference on Cyber Conflict Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 2016 NATO CCD COE Publications, Tallinn Permission to make digital or hard copies of this publication

More information

Turquoise Terminal Returns User Guide for Creating & Uploading a Turquoise Terminal Return

Turquoise Terminal Returns User Guide for Creating & Uploading a Turquoise Terminal Return Turquoise Terminal Returns User Guide for Creating & Uploading a Turquoise Terminal Return End-User Documentation Page 1 of 11 Contents Accessing the Terminal Returns application 3 Creating a Terminal

More information

Improving digital infrastructure for a better connected Thailand

Improving digital infrastructure for a better connected Thailand Improving digital infrastructure for a better connected 1 Economies across the globe are going digital fast The Global GDP forecast 2017 Economies are setting policies to encourage ICT investment Global

More information

GPRS Intercept: Wardriving your country. Karsten Nohl, Luca Melette,

GPRS Intercept: Wardriving your country. Karsten Nohl, Luca Melette, GPRS Intercept: Wardriving your country Karsten Nohl, nohl@srlabs.de Luca Melette, luca@srlabs.de Executive summary Do not send sensitive data over GPRS GPRS/EDGE networks provide the data backbone of

More information

Express Monitoring 2019

Express Monitoring 2019 Express Monitoring 2019 WHY CHOOSE PT EXPRESS MONITORING PT Express Monitoring provides a quick evaluation of the current signaling network protection level. This service helps to discover critical vulnerabilities

More information

ITU REGIONAL ECONOMIC & FINANCIAL FORUM OF TELECOMMUNICATIONS/ICT FOR AFRICA INTERNATIONAL ROAMING SADC PERSPECTIVE

ITU REGIONAL ECONOMIC & FINANCIAL FORUM OF TELECOMMUNICATIONS/ICT FOR AFRICA INTERNATIONAL ROAMING SADC PERSPECTIVE ITU REGIONAL ECONOMIC & FINANCIAL FORUM OF TELECOMMUNICATIONS/ICT FOR AFRICA INTERNATIONAL ROAMING SADC PERSPECTIVE Mr Leweng Mphahlele Manager: Economic & Financial Analysis ICASA CONTENTS Vision & Mission

More information

EE Pay Monthly Add-Ons & Commitment Packs. Version

EE Pay Monthly Add-Ons & Commitment Packs. Version EE Pay Monthly Add-Ons & Commitment Packs Version 1A Available from 28 October 2015 1 COMMITMENT PACKS In addition to the allowances included in our Standard and EE Extra plans for both Pay Monthly handset

More information

PCS (GSM) 1900 Service Provider Number Portability

PCS (GSM) 1900 Service Provider Number Portability ETSI SMG Plenary Tdoc SMG 661 / 97 Budapest, 13-17 October 1997 Agenda Item: 7.1 Source: SMG1 R GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS PCS (GSM) 1900 Service Provider Number Portability ANSI This specification

More information

The Smart Enterprise. InGuard Application. 24/7/365 Protection from Toll Fraud Attack

The Smart Enterprise. InGuard Application. 24/7/365 Protection from Toll Fraud Attack The Smart Enterprise InGuard Application 24/7/365 Protection from Toll Fraud Attack InGuard Application Contents 3 What exactly is a toll fraud attack? How does NEC s InGuard defend against these? How

More information

Rev

Rev Rev. 1.7.2 Copyright Notice Copyright Telinta Inc. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express

More information

Transforming networks and services for communications service providers

Transforming networks and services for communications service providers Transforming networks and services for communications service providers Do you need more agility to keep pace with new challengers in your market? The change is happening right now The growing number of

More information

Hybrid Wide-Area Network Application-centric, agile and end-to-end

Hybrid Wide-Area Network Application-centric, agile and end-to-end Hybrid Wide-Area Network Application-centric, agile and end-to-end How do you close the gap between the demands on your network and your capabilities? Wide-area networks, by their nature, connect geographically

More information

LET S TALK MONEY. Fahad Pervaiz. Sam Castle, Galen Weld, Franziska Roesner, Richard Anderson

LET S TALK MONEY. Fahad Pervaiz. Sam Castle, Galen Weld, Franziska Roesner, Richard Anderson LET S TALK MONEY Fahad Pervaiz Sam Castle, Galen Weld, Franziska Roesner, Richard Anderson Unbanked Population Branchless Banking Bank/Financial Institute Bank of America, Standard Chartered Bank Telecommunication

More information

Technology Lifecycle Management Assessment. Know your network - achieve business agility

Technology Lifecycle Management Assessment. Know your network - achieve business agility Technology Lifecycle Management Assessment Know your network - achieve business agility Your network is the platform on which you build the success of your organisation. In addition to connecting your

More information

ITU Arab Regional Workshop on Mobile Roaming: National & International Practices 27 to 29 of Oct, 2015 Sudan - Khartoum

ITU Arab Regional Workshop on Mobile Roaming: National & International Practices 27 to 29 of Oct, 2015 Sudan - Khartoum ITU Arab Regional Workshop on Mobile Roaming: National & International Practices 27 to 29 of Oct, 2015 Sudan - Khartoum Roaming Service in Sudan improvement & Challenges Zain, MTN & Sudani Content - Telecom

More information

Lecture 9 Mobility Management and Mobile Application Part (MAP)

Lecture 9 Mobility Management and Mobile Application Part (MAP) S38.3115 Signaling Protocols Lecture Notes Lecture 9 Mobility Management and Mobile Application Part (MAP) Introduction... 2 Mobility problem analysis... 2 Location of users... 2 GSM solution of mobility

More information

3GPP TS ( )

3GPP TS ( ) TS 33.204 9.0.0 (2009-12) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Network Domain Security (NDS); Transaction

More information

5G World 2016 VoLTE Roaming: an opportunity for new business models. Cédric Bonnet - Orange London June 30 th, 2016

5G World 2016 VoLTE Roaming: an opportunity for new business models. Cédric Bonnet - Orange London June 30 th, 2016 5G World 2016 VoLTE Roaming: an opportunity for new business models Cédric Bonnet - Orange London June 30 th, 2016 VoLTE Roaming: an opportunity for new business models 1 2 S8HR: a false good idea LBO

More information

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document

More information

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder. Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/

More information

Vodafone Global FACTS

Vodafone Global FACTS Vodafone Global FACTS Stefanie Schmidt, Stefan Deckers July 2018 C1-Vodafone External C1-Vodafone External 2 Global FACTS Overview & Introduction Luxembourg Global Roamer Germany 23 Countries Overview

More information

Endpoint Security - what-if analysis 1

Endpoint Security - what-if analysis 1 Endpoint Security - what-if analysis 1 07/23/2017 Threat Model Threats Threat Source Risk Status Date Created File Manipulation File System Medium Accessing, Modifying or Executing Executable Files File

More information

Step 1: New Portal User User ID Created Using IdentityIQ (IIQ)

Step 1: New Portal User User ID Created Using IdentityIQ (IIQ) Rockwell Automation PartnerNetwork Portal Single Sign-on (SSO) Login to Rockwell Automation PartnerNewtork Portal for Commercial Programs Participants Scope: This job aid provides instructions on how to

More information

Copyright

Copyright 1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?

More information

Unbundling roaming services. An effective way to create competition for roaming services in the European Union

Unbundling roaming services. An effective way to create competition for roaming services in the European Union Unbundling roaming services An effective way to create competition for roaming services in the European Union 1 Overview > Short summary of the solution > Key factors in choosing one structural solution

More information

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. June 18, 2015

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. June 18, 2015 Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan June 18, 2015 1 / 19 ARP (Address resolution protocol) poisoning ARP is used to resolve 32-bit

More information

NETWORK SECURITY. Ch. 3: Network Attacks

NETWORK SECURITY. Ch. 3: Network Attacks NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network

More information

Stealthy SS7 Attacks

Stealthy SS7 Attacks Stealthy SS7 Attacks Sergey Puzankov Positive Technologies, Russia E-mail: spuzankov@ptsecurity.com Received 8 September 2017; Accepted 10 October 2017 Abstract As we can see, most mobile operators defend

More information

Telecom MISP. Building a Telecom Information Sharing Platform. Alexandre De Oliveira

Telecom MISP. Building a Telecom Information Sharing Platform. Alexandre De Oliveira Telecom MISP Building a Telecom Information Sharing Platform Alexandre De Oliveira MISP history Actively developed and maintained by CIRCL Computer Incident Response Center Luxembourg Open Source Software

More information

Collaborative Regulation in the APP Economy

Collaborative Regulation in the APP Economy ITU Regional Economic and Financial Forum of Telecommunications/ICT for Africa Victoria Falls, ZIMBABWE, 30 31 January 2017 Collaborative Regulation in the APP Economy Carmen Prado Wagner Regulatory and

More information

Fraud Detection in International Calls Using Fuzzy Logic

Fraud Detection in International Calls Using Fuzzy Logic Fraud Detection in International Calls Using Fuzzy Logic Osama Mohamed Elrajubi, Hussein Marah, Abdulla A. Abouda Abstract Telecommunications fraud is a problem that affects operators and telecommunication

More information

Benefits of Local Manufacturing

Benefits of Local Manufacturing Benefits of Local Manufacturing January 2016 1 Powering AFRICA 2 nd Annual Summit 2016 Benefits of Local Manufacturing The Speaker Hamid Al Zayani Managing Director Midal Cables Limited, Kingdom of Bahrain

More information