TelcoSecDay 2017 – First Talks Published

Even if the CFP for TelcoSecDay 2017 is officially closed, I am still getting mails in. First of all: thank you for all your great feedback! As the TelcoSecDay is a complimentary and non-public event with highly specialized topics, it only works by sharing knowledge with each other. But please keep in mind that the speaker-slots are limited and I have to make a decision at some point of time.
Anyhow, I am looking forward for a great event and I am proud to publish the first accepted talks:
Continue reading “TelcoSecDay 2017 – First Talks Published”

Continue reading

TelcoSecDay 2017 – CFP Opens

For the 6th year in a row, the next TelcoSecDay will take place in 2017 on March 21th. Again, it will be held one day before Troopers IT-Security Conference as an invitation-only event. For those of you who don’t know the TSD, it is organized by ERNW and is aimed at bringing researchers and people from the telecommunication industry together to discuss about current security weaknesses, challenges and strategies. To do so, various topics will be presented during the talks and there will surely be enough time to follow-up in extensive discussions.
To give you an idea, here’s the TSD 2016 agenda, and here’s the one of 2015.
Continue reading “TelcoSecDay 2017 – CFP Opens”

Continue reading

VoLTE Security Analysis, part 2

In our talk IMSEcure – Attacking VoLTE Brian and me presented some theoretical and practical attacks against IP Multimedia Subsystems (IMS). Some of the attacks already have been introduced in a former blogpost and Ahmad continued with a deeper analysis of the Flooding and targeted DoS scenario. But still, there are some open topics I’d like to continue with now. The methods I am demonstrating here also help to get a better understanding of VoLTE/IMS and how it is implemented on modern smartphones.
Continue reading “VoLTE Security Analysis, part 2”

Continue reading

Area41 Conference 2016

Last Friday, Brian and I were at the  Area41 Security Conference. The conference is a branch of Defcon conference and is more or less a small conference of the Swiss hacker community. Being in a “rock music club”, the speakers presented on a stage where usually the rock stars are performing – which gives the conference a very special flair and an interesting atmosphere. We’ve been at the conference to present our research about VoLTE technology including some attack scenarios we’ve evaluated in the past. More on this later, let’s first talk about the conference itself.
Continue reading “Area41 Conference 2016”

Continue reading

The ULIN Story

Some of you might have noticed the articles, or the leaked manual itself, about a tool called ULIN. ULIN is a “bleeding-edge spy tool” for mobile communication networks. According to the manual, it is aimed to be a surveillance software for agencies (or others with enough money) for tracking and intercepting the Voice Calls and SMS of arbitrary phones. They call this “remote recording and geolocation of mobile handsets using 2G/3G/4G networks”.
Continue reading “The ULIN Story”

Continue reading

Some Notes on Utilizing Telco Networks for Penetration Tests

After a couple of years in pentesting Telco Networks, I’d like to give you some insight into our pentesting methodology and setup we are using for testing “Mobile and Telecommunication Devices”. I am not talking about pentesting professional providers’ equipment (as in previous blogposts), it is about pentesting of devices that have a modem in place like a lot of IoT devices (you know about the fridge having a GSM Modem, right?) do.
Continue reading “Some Notes on Utilizing Telco Networks for Penetration Tests”

Continue reading

Troopers16 – GSM Network

Hello Troopers!

only a few seconds left! As a short reminder, there is a GSM network running on Troopers 2016. It should be available in the whole building. To attend the network you need to

  • Get a SIM Card @Troopers_Desk
  • Put it in your phone
  • Start the phone

That’s it!

You can always dial *#100# to get your phone number. All further information (and a phonebook) you’ll find on, but here again a brief summary:

  • Phonebook
  • Update your name in phonebook via sending your_name to 1000
  • Submit tokens via sending your_token to 1111 (you must register at the terminal first)

Please note, against to our announcement, there is not Internet (GPRS) yet. Due to questions and problems, please contact Kevin Redon or Hendrik Schmidt. Have fun!

Continue reading