www.iansresearch.com
©2014 IANS
Cellular Network Attacks
What the latest vulnerabilities mean for businesses and individuals
Aaron Turner – CEO, IntegriCell
IANS Research Faculty
At a Glance
• Every network humans have constructed has vulnerabilities
  • Why should cellular networks be any different?
• The base station problem
  • Localized attacks with significant impacts
• The SS7 problem
  • Global attacks with enormous consequences
• How MDM/EMM/MAM are essentially useless playthings when it comes to these vulnerabilities
• We’ve got a lot of work to do
Cellular network architecture overview
[Diagram labels: Operator 1, Operator 2, Operator 3, SS7 Network]
A quick cellular network lesson
• BTS – Base Transceiver Station
  • A ‘cell tower’, the point where the cellular network moves from fiber to RF
• HLR – Home Location Register
  • The ‘billing database’ for non-roaming users – what services you’re entitled to
• VLR – Visitor Location Register
  • The ‘billing database’ for roaming users – what services the home operator tells the roaming operator it can offer
• SS7 – Signaling System #7
  • Packet-like network, relies on SIGTRAN (IETF protocol) to transmit messages between Operators
• MSC – Mobile Switching Center
  • Handles the functions of cell-handoff, SS7 interchange (for cell-to-landline calls), SMS services, voice conferencing and billing/charging
Remember when…
• We used to create passive network sniffers?
• Just a matter of double-connecting the TX and RX pairs
• In the OSI Model – ‘Physical’ attack
Back to the Future
• Imagine cellular RF signals as the new physical attack layer
  • As copper was to CAT V cable, RF is to cellular
• Unfortunately…
  • Cell phones do not have the integrity controls to assure connection to authorized BTSs
  • Most cellular subscribers have no idea what the state of their network connection is
What does this mean?
• Your cell phone will gladly connect to any BTS that says it wants to talk to it
• The BTS instructs the phone what level of protection the communications must have
  • Weak or no encryption? Sure thing!
• The BTS can terminate, capture, replay or otherwise manipulate anything flowing through the BTS
• Yes, even if the BTS is not owned by the authorized operator, an attacker can capture all of the traffic
  • Voice, SMS & Data
False BTS Scenario
• Theory: Attackers would put their BTS in a cargo van, drive around the attack target and stay mobile
• Reality: Attackers are placing their BTS inside of the building, and conducting persistent attacks
What data can be stolen?
• London: Media company’s offices targeted for pre-market access to financial information
  • Earnings report ‘heads up’ SMS sent to financial reporter
  • Financial reporter’s service intercepted
  • Attacker able to gain an advantage in commodities or equities
• US: Engineering facilities targeted for product development information
  • Rapid prototyping teams rely more on their mobile devices than IT infrastructure
  • Attackers able to gather product development details & scheduling information
Washington DC Findings
15 total areas of interest in DC
Over 40 alerts in those areas
4 research devices
Bay Area Findings
5 total areas of interest
Over 30 firewall alerts
3 research devices
2 networks
2 locations where full intercept capabilities were underway
BTS Vulnerabilities Bottom Line
• Cellular network communications can be easily intercepted
• Intercept is a localized attack
  • Limited to a particular area, based on the strength of the false BTS’ signal
  • Not necessarily scalable for large-scale attacks
• Intercept can be universal or targeted
  • All devices in a particular area or interceptors can ‘shed’ non-targeted devices and only focus on those of interest
• What controls exist?
  • Baseband firewalls are the best option for false BTS awareness
  • Beware of software-only offerings, true promiscuous-mode monitoring requires kernel- and driver-level modification of cellular radios
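The kind of check a false-BTS monitor can run, as an added example that is not from the original deck or from any baseband firewall product. It assumes the radio exposes the serving cell identity and the cipher the BTS selected; the record layout, the surveyed baseline, the site names and the persistence threshold are all constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# GSM ciphering algorithms, weakest first. A5/0 means no encryption at all.
CIPHER_RANK = {"A5/0": 0, "A5/1": 1, "A5/3": 2}


@dataclass(frozen=True)
class CellObservation:
    """One serving-cell sample reported by a monitoring device (assumed format)."""
    time: str     # local time of the sample
    site: str     # where the monitoring device sits (hypothetical names)
    plmn: str     # MCC-MNC of the network the cell claims to belong to
    lac: int      # location area code
    cid: int      # cell identity
    cipher: str   # cipher the BTS instructed the phone to use

    @property
    def cell(self):
        return (self.plmn, self.lac, self.cid)


# Constructed baseline from a site survey: cell identity -> cipher it normally offers.
BASELINE = {
    ("001-01", 100, 2001): "A5/3",
    ("001-01", 100, 2002): "A5/1",
}

# Constructed observations (001-01 is the test network code, not a real operator).
OBSERVATIONS = [
    CellObservation("09:00", "lobby", "001-01", 100, 2001, "A5/3"),
    CellObservation("09:05", "lab", "001-01", 100, 2002, "A5/1"),
    CellObservation("09:10", "lab", "001-01", 100, 2001, "A5/1"),    # known cell, weaker cipher
    CellObservation("09:15", "lab", "001-01", 999, 4242, "A5/0"),    # unknown cell, no cipher
    CellObservation("09:20", "lab", "001-01", 999, 4242, "A5/0"),
    CellObservation("09:25", "lobby", "001-01", 100, 2002, "A5/0"),  # known cell, no cipher
]


def assess(obs, baseline):
    """Return the findings for one observation; an empty list means nothing unusual."""
    findings = []
    expected = baseline.get(obs.cell)
    if expected is None:
        findings.append("unknown-cell")
    rank = CIPHER_RANK.get(obs.cipher)
    if rank is None:
        findings.append("unrecognised-cipher")
    elif rank == 0:
        findings.append("no-encryption")
    elif expected is not None and rank < CIPHER_RANK[expected]:
        # A cloned cell identity passes the "known cell" test, so the cipher
        # is compared with what the surveyed cell normally offers.
        findings.append("cipher-downgrade")
    return findings


def alerts_by_site(observations, baseline, persistent_after=2):
    """Count alerting samples per site and label repeated ones as persistent."""
    counts = Counter(obs.site for obs in observations if assess(obs, baseline))
    return {
        site: "persistent" if n >= persistent_after else "transient"
        for site, n in counts.items()
    }


if __name__ == "__main__":
    for obs in OBSERVATIONS:
        print(obs.time, obs.site, obs.cell, obs.cipher, assess(obs, BASELINE))
    print(alerts_by_site(OBSERVATIONS, BASELINE))
```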
What’s this SS7 thing?
• SS7 is like DNS and SMTP rolled into one system
  • Allows carriers to perform lookups on subscribers’ status AND
  • Allows carriers to deliver content to each other on subscriber activity
  • What could possibly go wrong?
• SS7 high-profile examples:
  • Number portability
  • SMS one-time-use codes
  • Subscriber geolocation (criminal investigation, etc.)
SS7 – Vulnerabilities Overview
• Every network operator has SS7 nodes which they have configured as Service Control Points (SCP) and Signaling Gateways (SG)
• Perimeter-based protections & controls
• Have security perimeters failed in the past?
What attacks can be run today?
• International Roaming Fraud
  • SIM vendor in country X sells an ‘unlimited roaming’ SIM for country Y
  • SIM vendor colludes with attackers to toggle the SIM from post-paid to pre-paid and back again
  • Essentially allows for a free month of roaming
  • SIM vendor profits, operator in country loses revenues
• Bad news for operators… what about for enterprises?
Subscriber Tracking & Information Disclosure
• What if I wanted to track your company’s executives in real time?
  • Use the information for potential deal-making intelligence
  • M&A opportunities, etc.
• Operators say, “Can’t happen!”
[Diagram labels: VLR/MSC, HLR, SS7 interconnect, X]
But, the perimeter fails…
• Just like with perimeters of the past, they can be bypassed
[Diagram labels: HLR, VLR/MSC, SS7 interconnect]
VLR Query Example
• Even if the HLR filters requests, most of the time the VLR is vulnerable
• Operators have hardened their SGs and HLRs but not their VLRs
• IMEI and subscriber state (currently in a phone call or not?) can be requested
SMS Intercept
• Electronic banking & SMS MFA fraud, made possible by forced re-routing of authentication SMS messages and/or calls to the attacker
[Diagram labels: SS7 interconnect, HLR, VLR/MSC (marked X), SMSC, subscriber A; steps numbered 1 to 4]
1. Attacker tells HLR that subscriber A is now logged on to his “network” (updateLocation)
2. Bank sends text message with mTAN to subscriber A
3. SMSC gets referred to attacker’s “VLR” as destination by HLR (sendRoutingInfoForSM)
4. SMS is delivered to attacker (mt-ForwardSM)
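How an operator-side monitor could correlate the three MAP operations named on this slide, as an added example that is not from the original deck. The log layout, the global-title prefixes, the roaming-partner table and the minimum travel times are constructed assumptions; the rule flags an updateLocation that moves a subscriber between networks faster than is physically plausible, then follows the SMS routing that results.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed signalling log (not real traffic). Assumed export format:
# timestamp, MAP operation, IMSI, global title (GT) of the peer node.
SAMPLE_LOG = """\
2015-06-04T09:00:00 updateLocation 001010000000001 88810000001
2015-06-04T09:05:00 updateLocation 001010000000002 88810000001
2015-06-04T09:20:00 updateLocation 001010000000001 88820000077
2015-06-04T09:21:00 sendRoutingInfoForSM 001010000000001 88810000500
2015-06-04T09:21:02 mt-ForwardSM 001010000000001 88820000077
2015-06-04T15:00:00 updateLocation 001010000000002 88820000077
2015-06-04T15:01:00 mt-ForwardSM 001010000000002 88820000077
"""

# Hypothetical roaming-partner table: GT prefix -> network label.
GT_PREFIX_TO_NETWORK = {"88810": "home", "88820": "partner-B"}
# Assumed minimum time a subscriber needs to get from one network to another.
MIN_TRAVEL = {frozenset(("home", "partner-B")): timedelta(hours=4)}
DEFAULT_MIN_TRAVEL = timedelta(hours=1)


@dataclass
class Alert:
    time: datetime
    imsi: str
    rule: str
    detail: str


def network_of(gt):
    """Map a VLR global title to a known network, or None if it is unknown."""
    for prefix, network in GT_PREFIX_TO_NETWORK.items():
        if gt.startswith(prefix):
            return network
    return None


def check_update(previous, when, network):
    """Return a reason string if this updateLocation is implausible, else None."""
    if network is None:
        return "VLR global title is not in the roaming-partner table"
    if previous is None or previous[1] == network:
        return None
    needed = MIN_TRAVEL.get(frozenset((previous[1], network)), DEFAULT_MIN_TRAVEL)
    elapsed = when - previous[0]
    if elapsed < needed:
        return f"{previous[1]} -> {network} after {elapsed}, minimum is {needed}"
    return None


def detect(log_text):
    """Walk the log in order and return alerts for the re-routing pattern."""
    trusted = {}   # imsi -> (time, network) of the last plausible registration
    suspect = {}   # imsi -> GT of a VLR that registered implausibly
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, op, imsi, gt = line.split()
        when = datetime.fromisoformat(stamp)
        if op == "updateLocation":
            network = network_of(gt)
            reason = check_update(trusted.get(imsi), when, network)
            if reason:
                # Keep the last trusted location as the baseline, so a later
                # registration back on the real network clears the flag.
                suspect[imsi] = gt
                alerts.append(Alert(when, imsi, "implausible-updateLocation", reason))
            else:
                suspect.pop(imsi, None)
                trusted[imsi] = (when, network)
        elif op == "sendRoutingInfoForSM" and imsi in suspect:
            alerts.append(Alert(when, imsi, "routing-info-while-suspect",
                                f"registration currently points at {suspect[imsi]}"))
        elif op == "mt-ForwardSM" and suspect.get(imsi) == gt:
            alerts.append(Alert(when, imsi, "sms-to-suspect-vlr",
                                f"message forwarded to {gt}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert.time.isoformat(), alert.imsi, alert.rule, "-", alert.detail)
```

The second subscriber makes the same network change nearly six hours after the last registration, so neither that update nor the message delivered afterwards raises an alert.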
Root cause analysis
• Attackers are likely exploiting common cybersecurity vulnerabilities to gain access to SS7 Interconnects
  • As long as the attacker does not get too greedy or send too many commands through the roaming partner’s SS7 Interconnect, it is very difficult to detect these types of attacks
• Attack surface is surprisingly large: 800 operators in 220 countries
  http://www.gsma.com/membership/who-are-our-gsma-members/full-membership/
1. Attacker identifies vulnerable international roaming partner and runs APT-style operation
2. Exploited SS7 Interconnect then used to send commands to target
3. Attacker exploits target SS7 network for fraud or information gathering
Cellular Network Vulnerabilities: The Bottom Line
• BTS Vulns:
  • Enterprises are left with very little control
  • Deploy baseband firewalls and monitor
• SS7 Vulns:
  • Shift away from SMS-driven authentication
  • Train executives to leave primary phones behind on sensitive trips
  • Vendors like Payfone are going to be in a rough situation
Questions & Comments?
Aaron Turner
aturner@iansresearch.com
Or – connect with me on LinkedIn
https://www.linkedin.com/in/aaronrturner

IRJET- Identification of Vampire Assault in Wireless Sensor Networks
 
EFFICIENT DETECTION OF SYBIL ATTACK BASED ON CRYPTOGRAPHY IN VANET
EFFICIENT DETECTION OF SYBIL ATTACK BASED ON CRYPTOGRAPHY IN VANETEFFICIENT DETECTION OF SYBIL ATTACK BASED ON CRYPTOGRAPHY IN VANET
EFFICIENT DETECTION OF SYBIL ATTACK BASED ON CRYPTOGRAPHY IN VANET
 
Ijeee 1-2-a tracking system using location prediction and dynamic threshold f...
Ijeee 1-2-a tracking system using location prediction and dynamic threshold f...Ijeee 1-2-a tracking system using location prediction and dynamic threshold f...
Ijeee 1-2-a tracking system using location prediction and dynamic threshold f...
 
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil ProtectionOpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection
OpenBTS: Emergency GSM Messaging & Monitoring System for Civil Protection
 

Mehr von ISSA LA

Technical track kevin cardwell-10-00 am-solid-defense
Technical track   kevin cardwell-10-00 am-solid-defenseTechnical track   kevin cardwell-10-00 am-solid-defense
Technical track kevin cardwell-10-00 am-solid-defenseISSA LA
 
The savvy security leader final dg ppt issa_la
The savvy security leader final dg ppt issa_laThe savvy security leader final dg ppt issa_la
The savvy security leader final dg ppt issa_laISSA LA
 
Malcolm issa preso june 2015
Malcolm issa preso june 2015Malcolm issa preso june 2015
Malcolm issa preso june 2015ISSA LA
 
La issa-2015-cyberwar-ranum
La issa-2015-cyberwar-ranumLa issa-2015-cyberwar-ranum
La issa-2015-cyberwar-ranumISSA LA
 
Issa symc la 5min mr
Issa symc la 5min mrIssa symc la 5min mr
Issa symc la 5min mrISSA LA
 
Issala exec-forum-opening-150604
Issala exec-forum-opening-150604Issala exec-forum-opening-150604
Issala exec-forum-opening-150604ISSA LA
 
Issa healthcare panel
Issa healthcare panelIssa healthcare panel
Issa healthcare panelISSA LA
 
Irari rules
Irari rulesIrari rules
Irari rulesISSA LA
 
Healthcare forum yelorda megan himss presentation
Healthcare forum yelorda megan himss presentation Healthcare forum yelorda megan himss presentation
Healthcare forum yelorda megan himss presentation ISSA LA
 
Healthcare forum perry-david m-everything you know is wrong!
Healthcare forum perry-david m-everything you know is wrong!Healthcare forum perry-david m-everything you know is wrong!
Healthcare forum perry-david m-everything you know is wrong!ISSA LA
 
Fssf breach-incident-table-top
Fssf breach-incident-table-topFssf breach-incident-table-top
Fssf breach-incident-table-topISSA LA
 
Healthcare forum law enforcement panel prez
Healthcare forum law enforcement panel prezHealthcare forum law enforcement panel prez
Healthcare forum law enforcement panel prezISSA LA
 
Emerging tech track kovar-david-forensics-kovar
Emerging tech track kovar-david-forensics-kovarEmerging tech track kovar-david-forensics-kovar
Emerging tech track kovar-david-forensics-kovarISSA LA
 
Digital forensics track schroader-rob when forensics collide
Digital forensics track schroader-rob when forensics collideDigital forensics track schroader-rob when forensics collide
Digital forensics track schroader-rob when forensics collideISSA LA
 
Cloud flare issa_annual_summit_june_5_2015
Cloud flare issa_annual_summit_june_5_2015Cloud flare issa_annual_summit_june_5_2015
Cloud flare issa_annual_summit_june_5_2015ISSA LA
 

Mehr von ISSA LA (15)

Technical track kevin cardwell-10-00 am-solid-defense
Technical track   kevin cardwell-10-00 am-solid-defenseTechnical track   kevin cardwell-10-00 am-solid-defense
Technical track kevin cardwell-10-00 am-solid-defense
 
The savvy security leader final dg ppt issa_la
The savvy security leader final dg ppt issa_laThe savvy security leader final dg ppt issa_la
The savvy security leader final dg ppt issa_la
 
Malcolm issa preso june 2015
Malcolm issa preso june 2015Malcolm issa preso june 2015
Malcolm issa preso june 2015
 
La issa-2015-cyberwar-ranum
La issa-2015-cyberwar-ranumLa issa-2015-cyberwar-ranum
La issa-2015-cyberwar-ranum
 
Issa symc la 5min mr
Issa symc la 5min mrIssa symc la 5min mr
Issa symc la 5min mr
 
Issala exec-forum-opening-150604
Issala exec-forum-opening-150604Issala exec-forum-opening-150604
Issala exec-forum-opening-150604
 
Issa healthcare panel
Issa healthcare panelIssa healthcare panel
Issa healthcare panel
 
Irari rules
Irari rulesIrari rules
Irari rules
 
Healthcare forum yelorda megan himss presentation
Healthcare forum yelorda megan himss presentation Healthcare forum yelorda megan himss presentation
Healthcare forum yelorda megan himss presentation
 
Healthcare forum perry-david m-everything you know is wrong!
Healthcare forum perry-david m-everything you know is wrong!Healthcare forum perry-david m-everything you know is wrong!
Healthcare forum perry-david m-everything you know is wrong!
 
Fssf breach-incident-table-top
Fssf breach-incident-table-topFssf breach-incident-table-top
Fssf breach-incident-table-top
 
Healthcare forum law enforcement panel prez
Healthcare forum law enforcement panel prezHealthcare forum law enforcement panel prez
Healthcare forum law enforcement panel prez
 
Emerging tech track kovar-david-forensics-kovar
Emerging tech track kovar-david-forensics-kovarEmerging tech track kovar-david-forensics-kovar
Emerging tech track kovar-david-forensics-kovar
 
Digital forensics track schroader-rob when forensics collide
Digital forensics track schroader-rob when forensics collideDigital forensics track schroader-rob when forensics collide
Digital forensics track schroader-rob when forensics collide
 
Cloud flare issa_annual_summit_june_5_2015
Cloud flare issa_annual_summit_june_5_2015Cloud flare issa_annual_summit_june_5_2015
Cloud flare issa_annual_summit_june_5_2015
 

Kürzlich hochgeladen

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Kürzlich hochgeladen (20)

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Turner.issa la.mobile vulns.150604

  • 1. Cellular Network Attacks: What the latest vulnerabilities mean for businesses and individuals. Aaron Turner – CEO, IntegriCell; IANS Research Faculty (www.iansresearch.com, ©2014 IANS)
  • 2. At a Glance
      • Every network humans have constructed has vulnerabilities
          • Why should cellular networks be any different?
      • The base station problem
          • Localized attacks with significant impacts
      • The SS7 problem
          • Global attacks with enormous consequences
      • How MDM/EMM/MAM are essentially useless playthings when it comes to these vulnerabilities
      • We’ve got a lot of work to do
  • 3. Cellular network architecture overview
      [Diagram labels: Operator 1, Operator 2, Operator 3, SS7 Network]
  • 4. A quick cellular network lesson
      • BTS – Base Transceiver Station
          • A ‘cell tower’, the point where the cellular network moves from fiber to RF
      • HLR – Home Location Register
          • The ‘billing database’ for non-roaming users – what services you’re entitled to
      • VLR – Visitor Location Register
          • The ‘billing database’ for roaming users – what services the home operator tells the roaming operator it can offer
      • SS7 – Signaling System #7
          • Packet-like network, relies on SIGTRAN (IETF protocol) to transmit messages between Operators
      • MSC – Mobile Switching Center
          • Handles the functions of cell-handoff, SS7 interchange (for cell-to-landline calls), SMS services, voice conferencing and billing/charging
  • 5. Remember when…
      • We used to create passive network sniffers?
      • Just a matter of double-connecting the TX and RX pairs
      • In the OSI Model – ‘Physical’ attack
  • 6. Back to the Future
      • Imagine cellular RF signals as the new physical attack layer
          • As copper was to CAT V cable, RF is to cellular
      • Unfortunately…
          • Cell phones do not have the integrity controls to assure connection to authorized BTS’
          • Most cellular subscribers have no idea what the state of their network connection is
  • 7. What does this mean?
      • Your cell phone will gladly connect to any BTS that says it wants to talk to it
      • The BTS instructs the phone what level of protection the communications must have
          • Weak or no encryption? Sure thing!
      • The BTS can terminate, capture, replay or otherwise manipulate anything flowing through the BTS
      • Yes, even if the BTS is not owned by the authorized operator, an attacker can capture all of the traffic
          • Voice, SMS & Data
  • 8. False BTS Scenario
      • Theory: Attackers would put their BTS in a cargo van, drive around the attack target and stay mobile
      • Reality: Attackers are placing their BTS inside of the building, and conducting persistent attacks
  • 9. What data can be stolen?
      • London: Media company’s offices targeted for pre-market access to financial information
          • Earnings report ‘heads up’ SMS sent to financial reporter
          • Financial reporter’s service intercepted
          • Attacker able to gain an advantage in commodities or equities
      • US: Engineering facilities targeted for product development information
          • Rapid prototyping teams rely more on their mobile devices than IT infrastructure
          • Attackers able to gather product development details & scheduling information
  • 10. Washington DC Findings
      • 15 total areas of interest in DC
      • Over 40 alerts in those areas
      • 4 research devices
  • 11. Bay Area Findings
      • 5 total areas of interest
      • Over 30 firewall alerts
      • 3 research devices
      • 2 networks
      • 2 locations where full intercept capabilities were underway
  • 12. BTS Vulnerabilities Bottom Line
      • Cellular network communications can be easily intercepted
      • Intercept is a localized attack
          • Limited to a particular area, based on the strength of the false BTS’ signal
          • Not necessarily scalable for large-scale attacks
      • Intercept can be universal or targeted
          • All devices in a particular area or interceptors can ‘shed’ non-targeted devices and only focus on those of interest
      • What controls exist?
          • Baseband firewalls are the best option for false BTS awareness
          • Beware of software-only offerings: true promiscuous-mode monitoring requires kernel- and driver-level modification of cellular radios
  • 13. What’s this SS7 thing?
      • SS7 is like DNS and SMTP rolled into one system
          • Allows carriers to perform lookups on subscribers’ status AND
          • Allows carriers to deliver content to each other on subscriber activity
      • What could possibly go wrong?
      • SS7 high-profile examples:
          • Number portability
          • SMS one-time-use codes
          • Subscriber geolocation (criminal investigation, etc.)
  • 14. SS7 – Vulnerabilities Overview
      • Every network operator has SS7 nodes which they have configured as Service Control Points (SCP) and Signaling Gateways (SG)
      • Perimeter-based protections & controls
          • Have security perimeters failed in the past?
  • 15. What attacks can be run today?
      • International Roaming Fraud
          • SIM vendor in country X sells an ‘unlimited roaming’ SIM for country Y
          • SIM vendor colludes with attackers to toggle the SIM from post-paid to pre-paid and back again
          • Essentially allows for a free month of roaming
          • SIM vendor profits, operator in country loses revenues
      • Bad news for operators… what about for enterprises?
  • 16. Subscriber Tracking & Information Disclosure
      • What if I wanted to track your company’s executives in real time?
          • Use the information for potential deal-making intelligence
          • M&A opportunities, etc.
      • Operators say, “Can’t happen!”
      [Diagram labels: VLR/MSC, HLR, SS7 interconnect, X]
  • 17. But, the perimeter fails…
      • Just like with perimeters of the past, they can be bypassed
      [Diagram labels: HLR, VLR/MSC, SS7 interconnect]
  • 18. VLR Query Example
      • Even if the HLR filters request, most of the time the VLR is vulnerable
      • Operators have hardened their SG’s and HLR’s but not their VLR’s
      • IMEI and subscriber state (currently in a phone call or not?) can be requested
  • 19. SMS Intercept
      • Electronic banking & SMS MFA fraud, made possible by forced re-routing of authentication SMS messages and/or calls to the attacker
      • Steps shown in the diagram:
          1. Attacker tells HLR that subscriber A is now logged on to his “network” (updateLocation)
          2. Bank sends text message with mTAN to subscriber A
          3. SMSC gets referred to attacker’s “VLR” as destination by HLR (sendRoutingInfoForSM)
          4. SMS is delivered to attacker (mt-ForwardSM)
      [Diagram labels: SS7 interconnect, HLR, VLR/MSC, SMSC, A, X]
  • 20. Root cause analysis
      • Attackers are likely exploiting common cybersecurity vulnerabilities to gain access to SS7 Interconnects
      • As long as the attacker does not get too greedy or send too many commands through the roaming partner’s SS7 Interconnect, it is very difficult to detect these types of attacks
      • Attack surface is surprisingly large: 800 operators in 220 countries (http://www.gsma.com/membership/who-are-our-gsma-members/full-membership/)
      • Steps shown in the diagram:
          1. Attacker identifies vulnerable international roaming partner and runs APT-style operation
          2. Exploited SS7 Interconnect then used to send commands to target
          3. Attacker exploits target SS7 network for fraud or information gathering
  • 21. Cellular Network Vulnerabilities: The Bottom Line
      • BTS Vulns:
          • Enterprises are left with very little control
          • Deploy baseband firewalls and monitor
      • SS7 Vulns:
          • Shift away from SMS-driven authentication
          • Train executives to leave primary phones behind on sensitive trips
          • Vendors like Payfone are going to be in a rough situation
  • 22. Questions & Comments?
      • Aaron Turner, aturner@iansresearch.com
      • Or – connect with me on LinkedIn: https://www.linkedin.com/in/aaronrturner
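
Slide 19 describes an updateLocation from an unexpected "VLR" followed by sendRoutingInfoForSM and mt-ForwardSM, and slide 20 notes how hard this is to detect. The Python below is an added example, not part of the presentation, showing one home-operator check that correlates those three operations. The event log format, the one-hour travel threshold, the global-title prefixes and the IMSIs are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumption: shortest plausible time for a handset to move between networks
# in different countries. Tune to the operator's own roaming footprint.
MIN_TRAVEL_SECONDS = 3600

# Constructed global-title prefixes; not a real numbering plan.
PREFIXES = {"00011": "home", "00022": "partner-x"}


@dataclass(frozen=True)
class Event:
    ts: int       # seconds since start of the log
    op: str       # MAP operation name as written on slide 19
    imsi: str     # subscriber identity
    vlr_gt: str   # global title of the VLR the operation names or returns


def network_of(gt, prefixes):
    """Longest-prefix match of a global title against the prefix table."""
    for prefix in sorted(prefixes, key=len, reverse=True):
        if gt.startswith(prefix):
            return prefixes[prefix]
    return "unknown"


def detect(events, prefixes=PREFIXES, min_travel=MIN_TRAVEL_SECONDS):
    """Return alerts for implausible registrations and SMS routed to them."""
    last_seen = {}   # imsi -> (ts, network) of the latest trusted presence
    suspect = {}     # imsi -> VLR GT of a registration judged implausible
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        net = network_of(ev.vlr_gt, prefixes)
        if ev.op == "updateLocation":
            prev = last_seen.get(ev.imsi)
            if prev and prev[1] != net and ev.ts - prev[0] < min_travel:
                suspect[ev.imsi] = ev.vlr_gt
                alerts.append(("implausible-relocation", ev.imsi, ev.vlr_gt, ev.ts))
                continue  # a suspect registration is not proof of presence
            suspect.pop(ev.imsi, None)
            last_seen[ev.imsi] = (ev.ts, net)
        elif ev.op == "mt-ForwardSM" and suspect.get(ev.imsi) != ev.vlr_gt:
            # A delivery through a trusted VLR shows where the handset really is.
            last_seen[ev.imsi] = (ev.ts, net)
        elif ev.op == "sendRoutingInfoForSM" and suspect.get(ev.imsi) == ev.vlr_gt:
            # The HLR is about to point an SMSC at the suspect VLR (slide 19, step 3).
            alerts.append(("sms-routed-to-suspect-vlr", ev.imsi, ev.vlr_gt, ev.ts))
    return alerts


# Constructed sample log. Subscriber A is seen at home, then "moves" to another
# network five minutes later; subscriber B roams after a plausible interval.
SUBSCRIBER_A = "001010000000001"
SUBSCRIBER_B = "001010000000002"
SAMPLE_EVENTS = [
    Event(0, "updateLocation", SUBSCRIBER_A, "0001100001"),
    Event(0, "updateLocation", SUBSCRIBER_B, "0001100001"),
    Event(600, "mt-ForwardSM", SUBSCRIBER_A, "0001100001"),
    Event(900, "updateLocation", SUBSCRIBER_A, "0002200009"),
    Event(905, "sendRoutingInfoForSM", SUBSCRIBER_A, "0002200009"),
    Event(910, "mt-ForwardSM", SUBSCRIBER_A, "0002200009"),
    Event(20000, "updateLocation", SUBSCRIBER_B, "0002200005"),
    Event(20010, "sendRoutingInfoForSM", SUBSCRIBER_B, "0002200005"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

A registration that arrives long after the last trusted sighting passes this check, so it narrows the window rather than closing it; the slide's advice to shift away from SMS-driven authentication still applies.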