TELECOM SYSTEM SECURITY
Ross Anderson’s book “Security Engineering” - Chapter 20
Computer Security Seminar
Presenter: Boris Krush
31/05/2016
Abusing the System
■ Letters
■ Heliograph
■ Telegraph
Getting creative
■ Phone Operators
– Payment verification
– Caller identification
■ Tools To Hack
– A piece of metal
– Call forwarding
– Magic button
Getting creative
■ Clip-on
– Students
– Criminals
Getting creative
■ Phone phreaking
– Joe Engressia - whistle
– Blue Box
We are not alone
■ Fight the “Man”
– Signaling codes
– Switch features
Social engineering
■ Calling Cards
– Pay phones
– Long distance calls
■ Premium numbers
Unsecured systems
■ Switching and Configuration
– Getting unlisted numbers
– Auto forwarding calls
■ Kevin Poulsen 1985-1988
– Free calling
– Wiretapping and espionage
– Obtaining unlisted numbers
– Winning a Porsche
Unsecured systems
■ Insiders
– Fixing the odds
■ Kevin Mitnick
‘Companies can spend millions of dollars toward technological protections and that’s wasted if somebody can basically call someone on the telephone and either convince them to do something on the computer that lowers the computer’s defenses or reveals the information they were seeking’
Unsecured systems
■ PBX - private branch exchange
– Dial-through
– Backdoors
■ Attack examples
– Scotland Yard
– Chinese Gang
– Moldova Scam
– Red Browser Worm
*Kabul
Features and services
■ Voicemails and answering machines
– Voicemail
■ Is it Broken?
– Multilingual options
■ Holla!
– Calling without dialing
■ Hide Me
– Call forwarding
■ Skip the bank
– Ringback
■ I'm not Paying
– Conference calls
■ I’m here
Mobile Phones Analog (1G)
■ Used analog signals with no real authentication
– The handset sent two serial numbers
■ Equipment serial number
■ Subscriber serial number
– The signal was sent in clear over the air link
■ Devices to capture and emit this signal were created almost immediately
– Call-Sell operation
– Tumblers - multiple identity phones
– Fake base station
GSM - Global System for Mobile Communications (2G)
■ Digital technology
– International roaming
– No more cloning
– Securing and protecting the line
■ SIM – Subscriber Identity Module
– PIN - personal identification number
– IMSI - international mobile subscriber identification
– Ki - subscriber authentication key
GSM - Global System for Mobile Communications (2G)
■ Vulnerabilities in this protocol
– Unencrypted transmission between BSC and VLR
– Foreign networks can replay the info
– Cramming
■ GSM after effects
– Almost no cloning
– Increase in stealing phones, credit cards and identities
– Prepaid based fraud
– IMSI-catcher
Long arm of the law
■ Weakening of encryption in smaller countries
■ Demanding access to private information and location
■ Deals between phone companies and the government
UMTS – Universal Mobile Telecommunications System (3G)
■ A few upgrades to the GSM vulnerabilities
– Use of the A5/3 cipher, also known as “Kasumi”, instead of the less secure A5/1 and A5/2 ciphers, which were used in GSM security
– Increase in bandwidth from 10 Kbit/sec of GSM to 7.2 Mbit/sec of 3G
– Two-way authentication, ending the IMSI-catcher vulnerability
Billing Mechanisms and their vulnerabilities
■ CDR – Call Detail Record
– Generated only after finishing the call
– Vulnerable to prepaid fraud using conference calls
– Dealt with by dropping a long-lasting call
■ Billing and accounting systems
– Weren’t built to handle real money transactions
– Easy to abuse from the inside
– No appropriate regulations
Summary
■ The art of getting paid services for free is an ancient one
■ If security isn’t one of the building blocks, implementing it later will be hard and sometimes useless
■ Sometimes security and government prevent technological improvement
■ As long as human interaction is part of the process, social engineering can bypass all kinds of security measures
■ Closed and private solutions are easier to break than solutions molded and scrutinized by the public
■ There are two kinds of fools. One says, ‘‘This is old, therefore it is good.’’ The other says, ‘‘This is new, therefore it is better’’
— Dean William Inge