Mobile phone networks have penetrated even the most remote areas of the Earth. You can send a tweet from Mount Everest if you like, the cell service is already there. In addition mobile phone networks feature 6 billion subscribers all over the world. Communication by mobile devices has entered the routine of daily life. It’s not all about talking. Smartphone, laptops, tablets and modems access the Internet by mobile phone networks. And as every security specialist knows: If there’s a network, then there are protocols, and these protocols can be attacked. True, it’s not as easy as TCP/IP since mobile phone networks feature sets of more complex protocols. Nevertheless these networks can be accessed, and you cannot block it. This is why you should get in touch with the threats to your organisation. DeepSec 2013 offers a training titled Attacks On GSM Networks held by Harald Welte and Dieter Spaar.
The workshop will give you detailed information about the GSM Um air interface, intended for an audience from an IT security background but with no detailed protocol-level know-how on the GSM Um layers 1, 2 and 3. You will experience an introduction into GSM security aspects such as
- available tools for GSM protocol-level security research and penetration testing,
- GSM security features, their shortcomings and design flaws,
- the lack of state-of-the-art security in GSM baseband software,
- implementation specific problems,
- best practices for GSM operators,
- passive interception and handset geolocation,
- IMSI catchers,
- jammers, including uplink jammers and RACH DoS, and
Given these facts you will most certainly see the Bring Your Own Device (BYOD) concept in a totally different perspective. However the workshop brings its own tools as well. You will get to know Open/Free Source tools for GSM with practical exercises.
- Running your own network using OpenBSC
- Using OsmocomBB as analysis phone on GSM networks
- Using Osmocom SIMtrace for passively tracing the communication between the SIM card and the mobile phone
- Protocol analysis using WireShark
During the course of the training you will get the chance of using the tools with a live mobile network on site. It’s not all just theory. You can see how the tools work in a real network with real mobile clients.
Mobile phone networks are here to stay, and even older standards won’t easily disappear. Once you grasp the concepts you will be able to understand how mobile communication networks work, what their weaknesses are and what tools are available. Tickets for this workshop are limited, so please make sure to book one for you.