Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hacking Communication System

Published byJaylan Pawl Modified over 9 years ago

Similar presentations

Presentation on theme: "Hacking Communication System"— Presentation transcript:

1 Hacking Communication System
Akib Sayyed

2 About Me Telecom Security Researcher Spoke at NullCon 2012
Works on SDR ,GNURADIO Certified Psycho 

3 About Company Payatu Technologies Pvt. Ltd.
Boutique Security Testing Company Blackbox/Product/Web/Mobile Audits Security Trainings Organizers of nullcon Security Conference

4 What are we looking at Hacking GSM Hacking Core Telecom Network

5 Hacking GSM

6 What can we do with GSM Listen Call Impersonate some1’s Identity
Track Location

7 Listening to Calls More like a Rocket Science Till 2006
People built own crackers and interceptors Some of them are open source Easy to build Open Source Software and Hardware available to receive data and Crack encryption.

8 Cost for 1 Interceptor 1500 Rs Phone
20000 Rs hard disk with rainbow tables 20000 Rs worth Computer Home Made Software + Open Source Code And your interceptor is ready

9 Protecting Calls Upgrade encryption Standard
Allow A5/3 Randomize SI and Padding End to End Call encryption Use 3G :P

10 Impersonating Use some’1s identity while making request to network
This allows one to impersonate identity of some1else. Can Make/ Receive Calls Send/Receive SMS Divert Calls

11 Protection Against Impersonating
End User Cannot do anything Operator Need to work on same Authenticate Calls Authenticate SMS Authenticate USSD Request

12 Hacking Core Network (SS7 and SIGTRAN)

13 Core Network in Telco Image Credits :

14 Core Network 2G /3G Based on SS7/SIGTRAN and IP
In simple words Either TDM(T1/E1) or IP (SCTP/TCP IP) No authentication (No User Name and Password) (on SS7)

15 SS7 is used for Carry Voice SMS
USSD (Unstructured Supplementary Service Data ) Call Handling Operation and Maintenance Mobility Services Location Management ......

16 SS7 /SIGTRAN Stack Image Credit : Mobicents

17 Protocols in SS7/Sigtran
MTP1/2/3,M3UA SCCP -> Signalling Connection Control Part TCAP -> Transaction Capability Application Part ISUP -> ISDN User Part MAP -> Mobile Application Part CAP ->Camel Application Part INAP-> Intelligent Network Application Part

18 MTP1/2/3 And M3UA Provides physical , data link layer and Network layer MTP1 = Message Transfer part 1 MTP2 = Message Transfer part 2 MTP3 = Message Transfer part 3 M3UA = MTP3 User Adaption Layer

19 SCCP /TCAP Signalling Connection Control Part
Provides Extended Routing , Flow Control ,Connection Oriented /Connection less Relies on MTP for basic routing and error correction Transaction Capability Application Part Facilitate Multiple Concurrent dialog Between Same SSN More like session handler

20 MAP Mobile Application Part SMS USSD Call Handling , Routing
Location Management

21 CAP Camel Application Part Intelligent Network Application Part
Used when subscriber is roaming Allow home network to monitor and control calls made by subscriber Intelligent Network Application Part

22 Routing in SS7 Based on PC (Point Code) == LAN IP
Based on GT (Global Title) == WAN IP SSN (Sub System Number) == Port Number STP(Signalling Transfer Point) == Router SSP (Service Switching Point) SCP (Service control point)

23 Routing based on Point Code
Image Credit : Cisco

24 Routing Based on GTT Image Credit : Cisco

25 Routing based on GTT Image Credit : Cisco

26 Where we can attack SCCP- Signalling Connection Control Part
TCAP- Transaction Capabilities Application Part ISUP – ISDN user part MAP – Mobile application part CAP - Camel Application part INAP- Intelligent network application part

27 Some Example of Attacks
Purging MS from HLR Insert Subscriber Data Delete Subscriber Data Send Authentication info Flood Send Routing info Exposes IMSI of subscriber Hostile Location Update Cancel Location Update MAP ATI exposes Location of subscriber

28 How to protect network Check if network is vulnerable to such attack
We have our own proprietary tool for doing same Perform filtering of non required message at point code level or STP level Use SS7 Firewall /IDS

29 DEMO

30 Thanks Questions

Download ppt "Hacking Communication System"

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Secure Mobile IP Communication

Secure Mobile IP Communication
PROTEI Tomorrow Technologies Today Company profile 2009.

PROTEI Tomorrow Technologies Today Company profile 2009.
Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Voice over IP (VoIP)

Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Voice over IP (VoIP)
GSM Protocol Stack Shrish Mammattva Bajpai. What is Protocol Stack ? A protocol stack (sometimes communications stack) is a particular software implementation.

GSM Protocol Stack Shrish Mammattva Bajpai. What is Protocol Stack ? A protocol stack (sometimes communications stack) is a particular software implementation.
ENGR 475 – Telecommunications

ENGR 475 – Telecommunications
TEL 355: Communication and Information Systems in Organizations Architecture: Signaling System 7 (SS7) Professor John F. Clark.

TEL 355: Communication and Information Systems in Organizations Architecture: Signaling System 7 (SS7) Professor John F. Clark.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Telecoms Networks Mohamed Mokdad HES – Biel/Bienne.

Telecoms Networks Mohamed Mokdad HES – Biel/Bienne.
Signalling Systems System which allows various network components to exchange information –In particular, it supports call / connection control network.

Signalling Systems System which allows various network components to exchange information –In particular, it supports call / connection control network.
Data Networking Fundamentals Unit 7 7/2/2015 1 Modified by: Brierley.

Data Networking Fundamentals Unit 7 7/2/ Modified by: Brierley.
COMPUTER NETWORKS.

COMPUTER NETWORKS.
Networking Components Manuel Palos. HUBS Hubs are inexpensive devices that connect multiple devices t0 a network. Hubs merely pass along network data.

Networking Components Manuel Palos. HUBS Hubs are inexpensive devices that connect multiple devices t0 a network. Hubs merely pass along network data.
Computer Networks IGCSE ICT Section 4.

Computer Networks IGCSE ICT Section 4.
MOBILE PHONE ARCHITECTURE & TECHNOLOGY. HISTORY  The idea of the first cellular network was brainstormed in 1947  Disadvantages  All the analogue system.

MOBILE PHONE ARCHITECTURE & TECHNOLOGY. HISTORY  The idea of the first cellular network was brainstormed in 1947  Disadvantages  All the analogue system.
By: Colby Shifflett Dr. Grossman Computer Science 420 12/01/2009.

By: Colby Shifflett Dr. Grossman Computer Science /01/2009.
Signaling Basic Concepts of CCS 7 Training Center

Signaling Basic Concepts of CCS 7 Training Center
OSI Model Routing Connection-oriented/Connectionless Network Services.

OSI Model Routing Connection-oriented/Connectionless Network Services.
Signaling & Network Control Dr. Eng. Amr T. Abdel-Hamid NETW 704 Winter 2006 Intelligent Networks.

Signaling & Network Control Dr. Eng. Amr T. Abdel-Hamid NETW 704 Winter 2006 Intelligent Networks.
CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.

CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.

Similar presentations

Ads by Google