back

Mobile Data Interception from the Interconnection Link

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:48:19
Language
English
Abstract
Many mobile network operators rush to upgrade their networks to 4G/LTE from 2G and 3G, not only to improve the service, but also the security. The Diameter protocol - the successor of SS7 in Long Term Evolution (LTE) networks is believed to offer more protection to the network itself and to the end-users. However, also Diameter offers a rich functionality set, which can be also exploited and misused, if the network is not properly protected. We will show in this lecture, how data interception (MiM) can be done via the diameter based interconnection link.

Ever since the public revelation of global surveillance and the exploits targeting the mobile communication backend and in particular the interconnection network that links operators to each other, the general awareness of security and privacy in telecommunication industry has increased. Misusing the technical features of mobile core network technology - specifically the Signaling System 7 (SS7) has disclosed numerous ways to locate, track and manipulate the routine cellular activities of cellphone users e.g. as shown by Karsten Nohl and Tobias Engel in 2008 and 2014. In fact, the SMS-based key recovery mechanism becoming vulnerable because of the SS7 vulnerabilities, like we saw in the recent mTAN attack in spring 2017 in Germany.
Many mobile network operator rush to upgrade their networks to 4G/LTE from 2G and 3G, not only to improve the service, but also the security. The Diameter protocol - the successor of SS7 in Long Term Evolution (LTE) networks is believed to offer more protection to the network itself and to the end-users. However, Diameter inherits many functionalities and traits of the SS7 network. Therefore, some attacks are also possible there e.g. location tracking, DoS or SMS interception in LTE by abusing the Diameter-based interconnection.
In this talk, we dig deeper into the Diameter interconnection to uncover how data connections can be intercepted from the interconnection link using the diameter based interfaces that are open to the interconnection network. We will show how a subscriber profile can be manipulated to allow resetting of the access point configuration and by that allow a classical man-in-the middle attack for data communications.
We first discuss the current status of interconnection or mobile telephony core network security and explain the basic interfaces. This will then be followed by outlining the data collection attacks and the interception attacks, which exploit and combine information from several interfaces. Both authors have a realistic insight on the actual deployment reality and security status of the interconnection network. We discuss the practicalities of such attacks with the help of screenshots, network logs and wireshark traces during this talk. We will conclude the talk with solutions for countermeasures in the interconnection edge nodes, proper security configurations in LTE networks, GSMA protection standards for monitoring and strategies for improvising filtering policies of firewalls that defend the system from roaming abuses
Ever since the public revelation of global surveillance and the exploits targeting the mobile communication backend and in particular the interconnection network that links operators to each other, the general awareness of security and privacy in telecommunication industry has increased. Misusing the technical features of mobile core network technology - specifically the Signaling System 7 (SS7) has disclosed numerous ways to locate, track and manipulate the routine cellular activities of cellphone users e.g. as shown by Karsten Nohl and Tobias Engel in 2008 and 2014. In fact, the SMS-based key recovery mechanism becoming vulnerable because of the SS7 vulnerabilities, like we saw in the recent mTAN attack in spring 2017 in Germany.
Many mobile network operator rush to upgrade their networks to 4G/LTE from 2G and 3G, not only to improve the service, but also the security. The Diameter protocol - the successor of SS7 in Long Term Evolution (LTE) networks is believed to offer more protection to the network itself and to the end-users. However, Diameter inherits many functionalities and traits of the SS7 network. Therefore, some attacks are also possible there e.g. location tracking, DoS or SMS interception in LTE by abusing the Diameter-based interconnection.
In this talk, we dig deeper into the Diameter interconnection to uncover how data connections can be intercepted from the interconnection link using the diameter based interfaces that are open to the interconnection network. We will show how a subscriber profile can be manipulated to allow resetting of the access point configuration and by that allow a classical man-in-the middle attack for data communications.
We first discuss the current status of interconnection or mobile telephony core network security and explain the basic interfaces. This will then be followed by outlining the data collection attacks and the interception attacks, which exploit and combine information from several interfaces. Both authors have a realistic insight on the actual deployment reality and security status of the interconnection network. We discuss the practicalities of such attacks with the help of screenshots, network logs and wireshark traces during this talk. We will conclude the talk with solutions for countermeasures in the interconnection edge nodes, proper security configurations in LTE networks, GSMA protection standards for monitoring and strategies for improvising filtering policies of firewalls that defend the system from roaming abuses

Talk ID
8879
Event:
34c3
Day
2
Room
Saal Adams
Start
11:30 a.m.
Duration
01:00:00
Track
Security
Type of
lecture
Speaker
Dr. Silke Holtmanns
Talk Slug & media link
34c3-8879-mobile_data_interception_from_the_interconnection_link
English
0.0% Checking done0.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
100.0% Nothing done yet100.0%
  

Work on this video on Amara!

English: Transcribed until

Last revision: 2 years, 10 months ago