Telecommunications Infrastructure Security
Getting in the SS7 kingdom: hard technology and disturbingly easy hacks to get entry points in the walled garden.
Philippe Langlois, P1 Security Inc.
phil@p1sec.com
SS7 network
Reliability
P1 Security Inc, http://www.p1security.com
Why do we have SS7?
• Thanks to hackers!
(Photo: Steve Jobs and Steve Wozniak in 1975 with a blue box)
• CCITT#5 in-band signalling sends its control messages over the same speech channel the caller can reach, so whoever can put the right tones on the line can control the trunks
• Blue-box sequence: seize trunk (2600 Hz tone) / KP1 or KP2 / destination digits / ST
• Started in the mid-60s, became popular after the 1971 Esquire article
• Tones produced by whistles, electronic dialers, computer programs, recorded tones
How to get in?
Entry points into the walled garden (from the diagram):
• ME (mobile equipment) vulnerability research
• OpenBTS + crypto cracking
• OpenBSC
• FemtoCell hacking
• External APIs to the HLR: location, IMSI
• Scanning and hacking the SS7 CN (core network)
• SMS injection
Network elements shown in the diagram:
• HLR/VLR: Home Location Register, Visitor Location Register
• AuC: Authentication Center (within the HLR)
• EIR: Equipment Identity Register
• MSC: Mobile Switching Center
• STP: Signaling Transfer Point (i.e. an SS7 router)
• LIG: Legal Interception Gateway?
Annotations on the diagram:
• Illegal: SQL Injection? Uhh?
• Consulting: Nahh... not possible! (?)
• Product: Yes please!
Under the hood: SS7 stack
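The stack diagram itself did not survive on this page, so here is an added example (written for this edit, not code from the original slides or from P1 Security) of the bottom of that stack, which is also what the "Scanning and hacking the SS7 CN" entry point above works against: every MTP3 message starts with a Service Information Octet (SIO) and an ITU-T Q.704 routing label carrying the destination and originating point codes (DPC, OPC) and the signalling link selector (SLS). The decoder and encoder below implement the 14-bit ITU label layout; the sample message bytes are constructed for the example.

```python
"""Decoder/encoder for the ITU-T Q.704 MTP3 header: the Service Information
Octet (SIO) followed by the 4-octet routing label (DPC, OPC, SLS).

Added example written for this page; not code from the original slides or
from P1 Security. SAMPLE_MSG below is constructed, not captured traffic."""
import struct
from dataclasses import dataclass

# Service indicator (low nibble of the SIO), values from ITU-T Q.704.
SERVICE_INDICATORS = {
    0: "SNM (signalling network management)",
    1: "SNT (signalling network testing and maintenance)",
    3: "SCCP",
    4: "TUP",
    5: "ISUP",
}
# Network indicator (two most significant bits of the SIO).
NETWORK_INDICATORS = {0: "international", 1: "international spare",
                      2: "national", 3: "national spare"}


@dataclass
class Mtp3Header:
    network_indicator: int
    service_indicator: int
    dpc: int
    opc: int
    sls: int

    @property
    def service(self) -> str:
        return SERVICE_INDICATORS.get(self.service_indicator,
                                      f"SI {self.service_indicator}")


def pc_to_str(pc: int) -> str:
    """Render a 14-bit ITU point code in zone-region-point (3-8-3 bit) form."""
    return f"{pc >> 11}-{(pc >> 3) & 0xFF}-{pc & 0x07}"


def decode_mtp3(msg: bytes) -> Mtp3Header:
    """Parse SIO + ITU routing label from the start of an MTP3 message.

    Routing label (Q.704): 32 bits, least significant octet first;
    bits 0-13 = DPC, bits 14-27 = OPC, bits 28-31 = SLS.
    """
    if len(msg) < 5:
        raise ValueError("MTP3 message shorter than SIO + ITU routing label")
    sio = msg[0]
    (label,) = struct.unpack_from("<I", msg, 1)
    return Mtp3Header(
        network_indicator=(sio >> 6) & 0x03,
        service_indicator=sio & 0x0F,
        dpc=label & 0x3FFF,
        opc=(label >> 14) & 0x3FFF,
        sls=(label >> 28) & 0x0F,
    )


def encode_mtp3(ni: int, si: int, dpc: int, opc: int, sls: int) -> bytes:
    """Build SIO + ITU routing label; the inverse of decode_mtp3."""
    for name, value, limit in (("ni", ni, 0x03), ("si", si, 0x0F),
                               ("dpc", dpc, 0x3FFF), ("opc", opc, 0x3FFF),
                               ("sls", sls, 0x0F)):
        if not 0 <= value <= limit:
            raise ValueError(f"{name}={value} out of range")
    sio = (ni << 6) | si
    return bytes([sio]) + struct.pack("<I", dpc | (opc << 14) | (sls << 28))


# Constructed sample: national network (NI=2), SCCP (SI=3),
# DPC 2-120-5 (5061), OPC 3-10-1 (6225), SLS 7, then the first SCCP octet
# (0x09 = UDT) standing in for the payload.
SAMPLE_MSG = bytes.fromhex("83c5531476") + b"\x09"

if __name__ == "__main__":
    hdr = decode_mtp3(SAMPLE_MSG)
    print(f"{NETWORK_INDICATORS[hdr.network_indicator]} {hdr.service} "
          f"DPC={pc_to_str(hdr.dpc)} OPC={pc_to_str(hdr.opc)} SLS={hdr.sls}")
```

Two things worth noticing once the header is laid out like this: the point code is only 14 bits, so a national signalling network has at most 16,384 addresses, and nothing in the header authenticates the OPC; whoever can hand a message to an STP chooses what the rest of the network sees as its origin.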