telecom security lessons learned or not
play

Telecom Security - lessons learned (or not)? Personal review on the - PowerPoint PPT Presentation

Sep 09, 2022 •159 likes •544 views

Telecom Security - lessons learned (or not)? Personal review on the last 7 years Harald Welte hardwear.io 2015 Keynote Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 1 / 37 About Linux

  1. Telecom Security - lessons learned (or not)? Personal review on the last 7 years Harald Welte hardwear.io 2015 Keynote Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 1 / 37

  2. About Linux Kernel / bootloader / driver / firmware developer since 1999 Former core developer of Linux packet filter netfilter/iptables Comms / Network Security beyond TCP/IP OpenPCD, librfid, libmtrd, OpenBeacon deDECTed.org project Openmoko - FOSS smartphone with focus on security + owner device control OpenBSC as network-side FOSS GSM Stack OsmocomBB - device-side GSM protocol stack + baseband firmware practical security research / testing on baseband side and telecom infrastructure side running a small team at sysmocom GmbH in Berlin, building custom tailored mobile communications technology Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 2 / 37

  3. Disclaimer This presentation is not intended to insult any participant No companies or individuals will be named However, the collective failure of the mobile industry cannot be ignored, sorry. Many of the issues we have today could have been avoided extremely easily, there really is no excuse... Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 3 / 37

  4. Hardware Security? Embedded Security? Terminology / Perspective Many people speak about hardware security but mean embedded systems security Embedded systems today (Android, etc.) are more complex than PCs 10 years ago, so that’s not primarily hardware security but classic software security Actual hardware security (tamper protection, avoiding information leakage via side-channels, preventing glitching, ...) is a very narrow topic, too There’s a lot of deeply-embedded firmware in between, what I consider the area in biggest need of attention. Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 4 / 37

  5. Telecom Security Mobile / Telecom Security Main areas: Phone-side baseband security Air interface security Radio Access Network Security Back-haul network security Core network security Interconnect security Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 5 / 37

  6. Telecom Security Phone-side baseband security Since 2009, there are accessible tools to run your own GSM/GPRS network to attack phones (OsmoBTS, OpenBSC, OsmoSGSN, etc.) baseband exploiting via malformed air interface messages has been shown multiple times during the last 5 years (Ralf-Philipp Weinmann, others) some stack/chip vendors started large-scale security code audits, but by far not the entire industry Still 100% closed/proprietary environment with very limited amount of research/attacks Summary: Some improvement, but a long way to go Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 6 / 37

  7. Telecom Security Air interface security Some operators have rolled out A5/3 encryption Spec is broken and permits semi-active down-grade attacks Industry took 7 years from A5/3 specification to first interop test -> fail. Summary: Nice try, but way too late and way too little Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 7 / 37

  8. Telecom Security Radio Access Network Security Still no standard practise to do penetration testing on BTS, NodeB, eNodeB Equipment makers putting pressure on operator to cancel already scheduled penetration tests! Sometimes there are very basic / superficial tests as part of a tender No single known/documented/public case where an operator or a equipment maker consistently pen-tested all of their equipment Summary: No visible change from 7 years ago Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 8 / 37

  9. Telecom Security Core Network Security See Radio Access Network Security Occasional pen-testing is performed and reveals horrible implementation bugs in affected equipment (MSC/VLR/HLR/SGSN) Summary: No visible change from 7 years ago As all core network elements are software implementatiosn these days, this is 100% a software security topic! Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 9 / 37

  10. Telecom Security Interconnect Security Still no standard practise to have packet filter / firewall / IDS / IPS like functionality for SS7/SIGTRAN interfaces I don’t know of any operator who has any idea about what actually is happening on their roaming interfaces No matter how many clearly suspicious/malicious messages you get from a roaming/interconnect partner, it triggers no alarm Only fraud gets detected from a certain scale onwards and triggers investigation Summary: No visible change from 7 years ago Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 10 / 37

  11. Symptoms Telco vs. Internet-driven IT security mobile industry today has security practises and procedures of the 20th century no proper incident response on RAN/CN no procedures for quick roll-out of new sw releases no requirements for software-upgradeability no interaction with hacker community no packet filtering / DPI / IDS / firewalls on signalling traffic active hostility towards operators who want to do pen-testing attempts to use legal means to stop researchers from publishing their findings this sounds like medieval times. We are in 2015 ?!? Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 11 / 37

  12. Symptoms Real-world quotes Real-world quotes The following slides indicate some quotes that I have heard over the last couple of years from my contacts inside the mobile industry. They are not made up! Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 12 / 37

  13. Symptoms Real-world quotes Quote: Disclosure of Ki/K/OPC "we are sending our IMSI+Key lists as CSV files to the SIM card supplier in China" Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 13 / 37

  14. Symptoms Real-world quotes Quote: RRLP "RRLP? What is that? We never heard about it!" Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 14 / 37

  15. Symptoms Real-world quotes Quote: SIM OTA keys "we have no clue what remote accessible (OTA) features our sim cards have or what kind of keys were used during provisioning" Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 15 / 37

  16. Symptoms Real-world quotes Quote: Malformed "we have never tried to intentionally send any malformed message to any of our equipment" Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 16 / 37

  17. Symptoms Real-world quotes Quote: Roaming "We are seeing TCAP/MAP related attacks/fraud from Operator XYZ in Pakistan. However, it is more important that European travellers can roam into their network than it is for Pakistanis to roam into our network. Can you see while the roaming agreement was only suspended for two days?" Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 17 / 37

  18. Symptoms Real-world quotes Quote: SIGTRAN IPsec "we are unable to mandate from our roaming partners that SIGTRAN links shall always go through IPsec - we don’t even know how to facilitate safe distribution of certificates between operators" Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 18 / 37

  19. Symptoms Real-world quotes Quote: NodeB / IPsec "We mandated IPsec to be used for all of the (e)NodeB back-haul in our tender, the supplier still shipped equipment that didn’t comply to it. Do you think the CEO is going to cancel the contract with them for that?" Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 19 / 37

  20. Symptoms Real-world quotes Quote: Government / independent study "Govt: We put out a tender for a study on overall operator network security in our country. Everyone who put in a bid is economically affiliated or dependent on one of the operators or equipment suppliers, so we knew the results were not worth much." Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 20 / 37

  21. Symptoms Real-world quotes Quote: Technical Staff "15 years ago we still had staff that understood all those details. But today, you know, those experts are expensive - we laid them off." Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 21 / 37

  22. Symptoms Real-world quotes Quote: Baseband chip vendor "We have no clue what version of our protocol stack with what modifications are shipped in which particular phones, or if/when the phone makers distribute updates to the actual phone population" Harald Welte (hardwear.io 2015 Keynote) Telecom Security - lessons learned (or not)? October 2015 22 / 37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Protg 2006, July 26th, Stanford I R I S A C 1 R E C Saint-Cyr Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From Ontology Ontology Design Design Ontology Ontology Design Design Jean Andr B

371 views • 12 slides
Lessons Learned from Project 53 on Bio-safety and Bio-security In Central Asian Countries

Lessons Learned from Project 53 on Bio-safety and Bio-security In Central Asian Countries

Funded by the European Union EU CBRN Risk Mitigation Centres of Excellence Lessons Learned from Project 53 on Bio-safety and Bio-security In Central Asian Countries Hendrik Visser 8 th BWC Review Meeting, Geneva, Switzerland, 10 November 2016

163 views • 15 slides
Humans vs Machines: When to Hire and When to Automate Lessons I Have Learned Managed Security

Humans vs Machines: When to Hire and When to Automate Lessons I Have Learned Managed Security

Humans vs Machines: When to Hire and When to Automate Lessons I Have Learned Managed Security Services Fog Creek Data Security Trello Agenda Evaluation Process Purchasing Process Renewal Process What I Would Do Sooner Demos /

356 views • 17 slides
Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents

Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents

Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 Cloud Security EGI

571 views • 16 slides
Game Theory for Homeland Security: Lessons Learned from Deployed Applications Chr hris is

Game Theory for Homeland Security: Lessons Learned from Deployed Applications Chr hris is

Game Theory for Homeland Security: Lessons Learned from Deployed Applications Chr hris is Kiekint Kiekintveld eld Janus anusz Mar arec ecki ki UTEP UT IBM Watson on Milind ilind Tambe ambe US USC Teamcor eamcore Outline

729 views • 46 slides
Security Safety Interface in Practice Lessons learned from the Swedish joint regulatory

Security Safety Interface in Practice Lessons learned from the Swedish joint regulatory

Security Safety Interface in Practice Lessons learned from the Swedish joint regulatory project Jonas Sjstrm, CPP B.Sc. Security Background to the regulatory situation 2008 Swedish Nuclear Power Inspectorate The new regulatory

388 views • 12 slides
Making the Courseware Fit Lessons Learned Customizing Information Security Education Programs

Making the Courseware Fit Lessons Learned Customizing Information Security Education Programs

Making the Courseware Fit Lessons Learned Customizing Information Security Education Programs Paul Hinkle Founder, SVP Security Education Safelight Security Advisors http://www.securityadvisors.com Introductions Paul Hinkle: a little

689 views • 10 slides
Lessons learned while playing CoreWars8086 Shapira Elad (Zest) | Security Researcher |

Lessons learned while playing CoreWars8086 Shapira Elad (Zest) | Security Researcher |

Lessons learned while playing CoreWars8086 Shapira Elad (Zest) | Security Researcher | 29-6-2014 #Whois Elad Shapira (Zest) Reverser from the Holy Land. Mobile Security Researcher @AVG. Highly passionate for RE, Assembly and

649 views • 61 slides
United Nations Security Council Resolution 1540: Sharing of Experiences, Lessons Learned, &

United Nations Security Council Resolution 1540: Sharing of Experiences, Lessons Learned, &

United Nations Security Council Resolution 1540: Sharing of Experiences, Lessons Learned, & Effective Practices Dana Perkins, PhD 1540 Committee Expert Biological Weapons Convention Meeting of States Parties 9-13 December 2013, Geneva,

567 views • 19 slides
Automotive Cyber Security : Lessons Learned and Research Challenges SPIDA Keynote Talk Flavio

Automotive Cyber Security : Lessons Learned and Research Challenges SPIDA Keynote Talk Flavio

Automotive Cyber Security : Lessons Learned and Research Challenges SPIDA Keynote Talk Flavio Garcia University of Birmingham Joint work with Roel Verdult, David Oswald, Timo Kasper, Josep Balasch, Baris Ege, Pierre Pavlides The automotive

697 views • 65 slides
Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background

Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background

Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background SEP 2002 Davis-Besse Lessons Learned Task Force AUG 2004 - Effectiveness Review Lessons Learned Task Force JAN 2005 - EDO Charters

269 views • 22 slides
Under the microscope: Linux security tools Lessons learned from 500+ projects Michael Boelen

Under the microscope: Linux security tools Lessons learned from 500+ projects Michael Boelen

Under the microscope: Linux security tools Lessons learned from 500+ projects Michael Boelen michael.boelen@cisofy.com NLLGG, September 2018 Michael Boelen Open Source Lynis, Rootkit Hunter Business Founder of CISOfy

778 views • 30 slides
Matthew Ken Jordan Jill Miller Director of Planning, Safety, & Security Executive

Matthew Ken Jordan Jill Miller Director of Planning, Safety, & Security Executive

Risk Management for Utilities Lessons Learned from Hurricane Matthew Ken Jordan Jill Miller Director of Planning, Safety, & Security Executive Director Overview I. Preparations II. Response III. Lessons Learned IV.

900 views • 51 slides
Impact of rice research on food security and poverty reduction: Lessons learned from my research at

Impact of rice research on food security and poverty reduction: Lessons learned from my research at

Impact of rice research on food security and poverty reduction: Lessons learned from my research at IRRI Mahabub Hossain Head, Social Sciences Division International Rice Research Institute Presented at IRRI Thursday Seminar Series, IRRI

692 views • 52 slides
OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned

OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned

OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned Jobsite Safety and Health Inspections/Audits better known as; PAPER WORK You hate it, Your safety director requires it, OSHA loves it, Does it

926 views • 35 slides
3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the

3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the

3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the Spanish Registry: Lessons Learned from the Registries o Is It possible (and worthy) to do a national registry? Lessons learned from the o

1.16k views • 43 slides
Project-team OPALE INRIA Sophia-Antipolis Mditerrane and Rhne-Alpes Scientific Themes

Project-team OPALE INRIA Sophia-Antipolis Mditerrane and Rhne-Alpes Scientific Themes

Project-team OPALE Optimization and control, numerical algorithms and integration of complex multidisciplinary systems governed by PDEs Jean-Antoine DESIDERI Project-team OPALE INRIA Sophia-Antipolis Mditerrane and Rhne-Alpes

996 views • 33 slides
Summarization: Overview Ling573 Systems & Applications April 2, 2015 Roadmap

Summarization: Overview Ling573 Systems & Applications April 2, 2015 Roadmap

Summarization: Overview Ling573 Systems & Applications April 2, 2015 Roadmap Deliverable #1 Dimensions of the problem A brief history: Shared tasks & Summarization Architecture of a Summarization system

1.26k views • 91 slides
The Evolution of Nuclear Security: From Sites to Summitry 23rd WiN Global Annual Conference:

The Evolution of Nuclear Security: From Sites to Summitry 23rd WiN Global Annual Conference:

The Evolution of Nuclear Security: From Sites to Summitry 23rd WiN Global Annual Conference: Women in Nuclear Meet Atoms for Peace Ms. Corey Hinderstein Senior Coordinator for the Nuclear Security Summit and Nonproliferation Policy Affairs

605 views • 12 slides
Multivariate Solutions to Emerging Passive DNS Challenges Dr. Paul Vixie, CEO and Dr. Joe St

Multivariate Solutions to Emerging Passive DNS Challenges Dr. Paul Vixie, CEO and Dr. Joe St

Multivariate Solutions to Emerging Passive DNS Challenges Dr. Paul Vixie, CEO and Dr. Joe St Sauver, Scientist 1 Agenda Introduction Passive DNS, Including Times When Passive DNS May Not Work Well Overcoming Obfuscation Pillz

962 views • 47 slides
Structural deficits in Telco security Harald Welte <laforge@gnumonks.org> gnumonks.org

Structural deficits in Telco security Harald Welte <laforge@gnumonks.org> gnumonks.org

Symptoms Causes / Reasons Proposed Solution Structural deficits in Telco security Harald Welte <laforge@gnumonks.org> gnumonks.org hmw-consulting.de sysmocom GmbH March 20, 2012 / TelcoSecDay / Heidelberg Harald Welte

846 views • 36 slides
Jefferson County Sheriffs Office A few slides. Thanks to Sheriff Jeff Shrader Mark

Jefferson County Sheriffs Office A few slides. Thanks to Sheriff Jeff Shrader Mark

Jefferson County Sheriffs Office A few slides. Thanks to Sheriff Jeff Shrader Mark Techmeyer Jenny Fulton, PIO Jefferson County S.O. Staff Our spiritual homes are special places that nourish our souls. Indeed, we take a

1.11k views • 61 slides
ACT-IAC Evolving the Workforce COI July 9, 2020 ACT-IAC Evolving the Workforce COI Leadership

ACT-IAC Evolving the Workforce COI July 9, 2020 ACT-IAC Evolving the Workforce COI Leadership

ACT-IAC Evolving the Workforce COI July 9, 2020 ACT-IAC Evolving the Workforce COI Leadership Team Andrew McCoy, Industry Chair Terri Shaffer, Government Chair Christina Vay, Government Vice-Chair Ronna Garrett, Industry Vice-Chair Robert

389 views • 16 slides
KREONET SOFTWARIZATION - KREONET SD-WAN Deployment based on ONOS- Dongkyun Kim, KISTI

KREONET SOFTWARIZATION - KREONET SD-WAN Deployment based on ONOS- Dongkyun Kim, KISTI

KREONET SOFTWARIZATION - KREONET SD-WAN Deployment based on ONOS- Dongkyun Kim, KISTI mirr@kisti.re.kr Open Networking Summit 2016 Introduction & Background KREONET -S* as the Next KREONET Deployment Status of KREONET -S*

490 views • 25 slides

More recommend