I am very happy to announce the second round of talks for the TelcoSecDay 2016. As mentioned in my previous post it will take place on March 15th. All invitations should be out by now; if you think you can contribute to the group and you are willing to join us – please let me know (firstname.lastname@example.org).
Still, not all talks are confirmed but the newly published talks will provide an idea about TSD 2016 and its discussions.
Ravi & Altaf Shaik – Don’t connect to my 4G base station: investigating info leaks in 4G basebands
4G/LTE networks are more secured than the previous generations. This talk discusses a research platform we built using open-source tools to investigate security of 4G/LTE networks and devices in practice. We show how popular smartphones available in the market leak information to a fake base station. In addition, we demonstrate our low-cost 4G/LTE IMSI catcher for the purpose of practical telecommunication security research.
Rahul Sasi – Advance APT Attribution for researchers
One of the biggest challenge and question raised in cybersecurity is “who” attacked your organization and “why”. In our talk we explain how it is possible to attribute the attackers of a targeted APT campaign.
The talk would be based on our analysis on an APT Teams specialized in targeting private organizations using Mobile Malwares . We would explain in our talk how we traced the attackers, identified their infrastructures, tools they used to attack their targets. The talk would help people understanding APT groups targeting private Organization and how the culprits could be tracked. Since the attackers mainly target government contractors and private companies, we would explain the many ways an organization could stop such attacks. The targeted audience of the talk would be anyone who wants to know mobile malware analysis and how to gather Intelligence on Targeted Attacks.
Harald Welte – Open Source Network Elements for Security Analysis of Mobile Networks
For almost 20 years, digital cellular networks have been without Free/Open Source software implementations of any of their protocols or network elements.
In 2008, the two independent and architecturally completely different projects OpenBTS and OpenBSC have changed that for 2G networks. In 2010, they were followed by OsmocomBB, an Open Source implementation of the GSM Mobile Station protocol stack. It is not a coincidence that the above projects were a (if not the) key enabler behind a lot of the cellular technology security research that followed in the years after.
Despite being of such prominent importance for researching (and ultimately improving) cellular security, the mobile industry has not learned from 2G and not taken up the cause to funded or support the development of Open Source reference implementations of later (3G / 4G) protocols and network elements.
Despite the lack of support, the Osmocom project has started an implementation of the 3G core network elements and is actively working towards IuCS, IuPS and Iuh support in OsmoNITB and OsmoSGSN. The first working alpha-versions of this are expected to be available at the end of Q1/2016. Let’s hope they can have an equal impact in spawning cellular security research than the releases of OpenBSC and OsmocomBB in the past.
Furthermore there will also be a talk by Dieter Spaar called “Observations on mobile communication platforms” about security related observations on a few different cellular modules which are frequently used in M2M applications.
Have a great day and see you in Heidelberg!