NYM ISSA MEETING Cellular Eavesdropping: an Evidence-based - - PowerPoint PPT Presentation

nym issa meeting
SMART_READER_LITE
LIVE PREVIEW

NYM ISSA MEETING Cellular Eavesdropping: an Evidence-based - - PowerPoint PPT Presentation

Sep 16, 2023 206 likes •539 views

NYM ISSA MEETING Cellular Eavesdropping: an Evidence-based Discussion 12 April 2011 Agenda Information Paths & The IA Security Gap Cellular & Security Eavesdropping Attack Vectors Protection Methods Information Paths On

slide-1
SLIDE 1

NYM ISSA MEETING

Cellular Eavesdropping: an Evidence-based Discussion

12 April 2011

slide-2
SLIDE 2

Agenda

  • Information Paths & The IA Security Gap
  • Cellular & Security
  • Eavesdropping Attack Vectors
  • Protection Methods
slide-3
SLIDE 3

Information Paths

On a transaction, from each party…

  • Executives
  • Boards
  • Bankers
  • Lawyers
  • Consultants
  • Auditors

3 Primary Information Paths

slide-4
SLIDE 4

Information Paths

On a transaction, from each party…

  • Executives
  • Boards
  • Bankers
  • Lawyers
  • Consultants
  • Auditors

Physical

  • Face-to-face meetings
  • Overnight couriers

$

slide-5
SLIDE 5

Information Paths

Data Physical

  • Network protection
  • Equipment protection $$$

On a transaction, from each party…

  • Executives
  • Boards
  • Bankers
  • Lawyers
  • Consultants
  • Auditors
slide-6
SLIDE 6

Information Paths

Data Physical Voice

  • Mobile protection
  • Landline protection ???

On a transaction, from each party…

  • Executives
  • Boards
  • Bankers
  • Lawyers
  • Consultants
  • Auditors
slide-7
SLIDE 7

Cellular & Security

slide-8
SLIDE 8

Typical Cell Call

slide-9
SLIDE 9

Cellular Security

Air link authentication and encryption “Gates, guards and guns”

slide-10
SLIDE 10

Do You Need Additional Security?

  • How sensitive is your information shared on mobile

calls?

  • As with any communications system, information

value/confidentiality dictates the level of security solution required

  • AT&T Mobility and leading carriers around globe can

support any level of mobile security – from normal use to the most sensitive information anywhere

slide-11
SLIDE 11

Eavesdropping Attack Vectors

slide-12
SLIDE 12

Eavesdropping Attack Vectors

slide-13
SLIDE 13

Tower Spoofing

DefCon August 2010 – Las Vegas

  • Phone automatically

connects to strongest signal rogue tower

  • “IMSI catcher” exploits

authentication framework

  • Cost of attack reportedly

$1,500, primarily RF equipment

  • “Bases station” code

downloadable open source

slide-14
SLIDE 14

Voice Intercept Becoming Cheap and Easy

Barriers/Costs to Attack

State Sponsored

Attacker Sophistication

Organized Crime Hackers

Ethical or Otherwise

Any Criminal

Today

slide-15
SLIDE 15

Phishing, Bots, Etc… Already Cheap and Easy

Barriers/Costs to Attack

State Sponsored

Attacker Sophistication

Organized Crime Any Criminal

Today

Hackers

Ethical or Otherwise

slide-16
SLIDE 16

Tower Spoofing

“Meganet's Dominator I snoops on four GSM convos at once, fits in your overnight bag” ~ Engaget

http://www.youtube.com/meganetcorp#p/u/1/1eJ-WGpNQko

slide-17
SLIDE 17

Eavesdropping Attack Vectors

slide-18
SLIDE 18

Illegal Monitoring

  • Passive systems
  • Similar to analogue

scanners

slide-19
SLIDE 19

What do they have in common?

slide-20
SLIDE 20

Eavesdropping Attack Vectors

slide-21
SLIDE 21

Unwanted Foreign Government Surveillance

The Telegraph “Wiretapping is a widespread practice in Italy. Just this week it emerged that both Pope Benedict XVI and Hillary Clinton, the US secretary of state, had been inadvertently taped by Italian investigators.” 10 June 2010

slide-22
SLIDE 22

Eavesdropping Attack Vectors

slide-23
SLIDE 23

Hacker Exploits

Vodafone, Ericsson Get Hung Up In Greece's Phone-Tap Scandal

June 2006

The Athens Affair

How some extremely smart hackers pulled off the most audacious cell-network break-in ever

July 2007

slide-24
SLIDE 24

Hacker Exploits

  • Exploit involves device

targeting via Internet service and ‘broken’ SMS messaging technique

  • Cost of attack reportedly

10 Euros for each of 4 phones

  • Firmware downloadable
  • pen source

Chaos Computer Club December 2010 - Berlin

slide-25
SLIDE 25

Eavesdropping Attack Vectors

slide-26
SLIDE 26

3rd-Party App Exploits

“KSL 5 Investigation: How your cell phone can be used against you”

slide-27
SLIDE 27

Eavesdropping Attack Vectors

slide-28
SLIDE 28

Access at Network Facility

“The 2009 CSI Computer Crime Survey, probably one of the most respected reports covering insider threats, says insiders are responsible for 43 percent of malicious

  • attacks. Twenty-five percent of respondents said that over

60 percent of their losses were due to nonmalicious actions by insiders. I've read many damage assessment reports stating that although insiders are responsible for fewer incidents than are outsiders, insider incidents usually result in more damage. Thus, the CSI data seems credible.” ~ InfoWorld

slide-29
SLIDE 29

Protection

slide-30
SLIDE 30

Encrypted Mobile Voice

Fully integrated hardware, software and service solution from AT&T, SRA and KoolSpan

slide-31
SLIDE 31

Ideal For

  • Incident response
  • Investigations
  • Sensitive transactions
  • Physical safety
  • International travel
  • Untraceable information leaks

MERK Includes

  • 10, 20 and 50 units kits
  • Fully configured
  • Security chip and app
  • Hosted infrastructure
slide-32
SLIDE 32

THANK YOU