DeepSec 2012 Workshop: Attacks on GSM Networks
We are proud to follow the tradition of breaking hardware, software, code, ciphers or protocols. When it comes to mobile phone networks, you can break a lot. The workshop on Attacks on GSM Networks will show you the current state of affairs and some new tricks and developments. The attacks that will be discussed during the training are not theoretical, they are feasible and can be exploited to be used against you. Knowing about the capabilities of your adversaries is absolutely important since virtually no organisation or business runs without the use of mobile networks.
What do you have to expect? Well, attendees will spend about half the time re-visiting the key aspects of GSM’s security features and their publicly known weaknesses. During the other half, attention is being paid to the hands-on practical sessions, where attendees will be walked through how to use the various tools for GSM security analysis like OsmocomBB, OpenBSC, airprobe, SIMtrace and others. All tools will be provided pre-compiled and pre-installed on a USB flash drive with a Linux-based live distribution. Since the GSM equipment will operate with a temporary licence, the tools can be seen in action without the use of heavy electromagnetic shielding or lab simulations. We transmit and receive for real.
The impact of GSM security (or the lack thereof) is very widespread due to the ubiquitous use of GSM-enabled equipment in cars, alarm equipment, sensors, railway communication and other devices that need to phone home or take part in mobile network communication. If you rely on GSM, you should really know that its security measures can be taken out by 15$ worth of equipment. The GSM training will be held by Harald Welte and Dieter Spaar, who are both very active developers and security researchers.