back

Mobile network attack evolution

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration: 00:49:34
Language: English
Abstract: Mobile networks should protect users on several fronts: Calls need to be encrypted, customer data protected, and SIM cards shielded from malware.

Many networks are still reluctant to implement appropriate protection measures in legacy systems. But even those who add mitigations often fail to fully capture attacks: They target symptoms instead of solving the core issue.

This talks discusses mobile network and SIM card attacks that circumvent common protection techniques to illustrate the ongoing mobile attack evolution.

The evolution is exemplified by new advanced attack vectors against mobile communication and SIM cards:

Mobile calls and identities are known to be weakly protected, but network progressively rolled out patches to defeat hacking tools. We will discuss — and release — tools to measure whether these changes are effective.

SIM cards were identified as a remote exploitation risk this year: Unnoticed by the victim, an attacker can take control over a card by sending a few binary SMS. Network operators started filtering binary SMS and patched some of their weak SIM card configurations in response to vulnerability research. The talk looks at filtering evasion techniques and discloses new configuration vulnerabilities present in many cards world-wide.