TelcoSecDay 2017 – First Talks Published

Even if the CFP for TelcoSecDay 2017 is officially closed, I am still getting mails in. First of all: thank you for all your great feedback! As the TelcoSecDay is a complimentary and non-public event with highly specialized topics, it only works by sharing knowledge with each other. But please keep in mind that the speaker-slots are limited and I have to make a decision at some point of time.
Anyhow, I am looking forward for a great event and I am proud to publish the first accepted talks:


Automated large-scale detection of rogue base stations: A field report
by Dr. Björn Rupp, Chief Executive Officer, GSMK

A field report from the front lines of mobile security, this talk summarizes over three years of real-world operational experience with a commercially available system for the distributed, automated, large-scale detection of rogue base stations. The talk highlights effective techniques for automated detection, localization, alarming and neutralization of active attacks on mobile communications emanating from rogue base stations, as well as insights into the types of attacks observed, and pitfalls and regional and national peculiarities to watch out for.


Exploring fraud in telephony networks, an illustration with Over-The-Top Bypass
by Merve Sahin & Aurélien Francillon, Eurecom

Telephone networks form the oldest large scale network that has grown to touch over 7 billion people. Telephony is now merging many complex technologies and because numerous services enabled by these technologies can be monetized, telephony attracts a lot of fraud. This talk aims to systematically explore the fraud in telephony networks, by differentiating between the root causes, the vulnerabilities, the exploitation techniques, the fraud types and finally the way fraud benefits to the fraudsters.
As a concrete example, we will present the Over-The-Top (OTT) bypass fraud, where the regular international phone calls (originated from PSTN or cellular networks) are hijacked and terminated over a smartphone application, instead of being terminated over the normal telecom infrastructure. We will evaluate the possible techniques to detect and measure this fraud and analyze its real impact on a small European country through a case study.


You’ll find more information about TelcoSecDay under