Learn, hack!

URL

http://mirror.fem-net.de/CCC/26C3/mp4/26c3-3555-en-sccp_hacking_attacking_the_ss7_amp_sigtran_applications_one_step_further_and_mapping_the_phone_system.mp4

File name

26c3-3555-en-sccp_hacking_attacking_the_ss7_amp_sigtran_applications_one_step_further_and_mapping_the_phone_system.mp4

File size

639.8 MB

MD5

87e41eddfea2e5d8184c717e8dfe12eb

SHA1

d86695a8f02cac6bfead7de167a4d776627a4e23

SS7 is like TCP/IP in the 1990s. It used to be quite a secure network because nobody outside the organizations (here, the mobile operators and telecom companies) were connected to it. Now it's getting interconnected to new actors which are not that trustworthy. Somehow, hackerdom made SS7 come into existence thanks to the massive use of Blue Boxes. Now, hackerdom is getting its toy back! SS7 is nowaday more and more accessible, and as such increasingly vulnerable. So we're getting exposed to a totally new set of protocols, as secure as TCP/IP in the 1980s. This looks like the Blue Box is coming back to life, in a very different form. Attacking the SS7 network is fun, but there's a world beyond pure SS7: the phone system applications themselves, and most notably what transforms phone numbers into telecom addresses (also known as Point Codes, DPCs and OPCs; Subsystem Numbers, SSNs and other various fun.), and that's called Global Title Translation. Few people actually realize that the numbers they are punching on their phone are actually the same digits that are used for this critical translation function, and translate these into the mythical DPCs, SSNs and IMSIs. More and more data is now going through the phone network, creating more entry point for regular attacks to happen: injections, overflow, DoS by overloading capacities. And we have an ally: the mobile part is opening up, thanks to involuntary support from Motorola, Apple and Android. We'll study all the entry points and the recent progresses in the Telecom security attacks.