[Owasp-ireland] a cellphone hack

Brian O'Toole brianotoole at gmail.com
Tue Apr 27 09:03:43 EDT 2010


That looks like it would have been an entertaining talk. There are one or
two issues that I'd have with it though:

1) It's easier (in Ireland at any rate) to access the voice mail box on a
phone - If your number is 08y xxxxxxx you just place a 5 between the third
and fourth digits, saving the messging around with the two simultaneous
calls that they talk about. But, At the same time though, there is a PIN
code that needs to be entered and I didn't see anything in the presentation
around getting past that, so I assume it's based around people leaving the
defaults on.

2) HLRs are being swapped out with HSSs at the moment; which should mitigate
the risk of direct connections to the location register database. (HSSs use
DIAMETER for connections and to the best of my knowledge requires some
amount of Authentication before serving info)

3) A MSC can cover a huge geographical area. I wouldn't be too worried about
someone knowing the MSC that I had connected to, or the MCC, as there are
easier ways to find out that information and (I would feel that) it is too
vague to be useful.

4) Pairing an Identity to the IMSI seemed to be reliant on the target
responding to a missed call & having an un-hidden number. I may have misread
that part, but that seemed to be what they were getting at. I am pretty sure
that Tiger Woods doesn't randomly call back everyone who rings him. Or maybe
he does, or at the very least, maybe he used to. I would imagine he isn't
allowed ring anyone anymore without consulting his Wife first.

Heres a link to the actual presentation (PDF) :
http://sourceconference.com/bos10pubs/carmen.pdf

//Brian

On 27 April 2010 09:59, John Marmelstein <john.marmelstein at gmail.com> wrote:

> Hi Folks,
>
> a cellphone hack...
>
>
> http://threatpost.com/en_us/blogs/researchers-hijack-cell-phone-data-gsm-locations-042110
> _______________________________________________
> Owasp-ireland mailing list
> Owasp-ireland at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-ireland
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-ireland/attachments/20100427/757c1b54/attachment.html 


More information about the Owasp-ireland mailing list