[AusNOG] SS7 hacked on 60 Minutes, an Australian Senators phone tapped from Germany

Shaun McGuane shaun at rackcentral.com
Wed Aug 19 19:05:05 EST 2015


Hi Steve,

With regard to the crypto - this is actually quite useless on 2G/GSM.

You set up your IMSI base station / sniffer and set the encryption to A0, which
means connect with no encryption - 9 times out of 10 phones will just connect
and use the base station anyway.

The phones themselves are quite dumb and let the carrier decide all the settings
each time they connect to a tower or an IMSI base station :)

By law there is supposed to be a warning, but all carriers have this disabled as it would
be constantly warning users of unsecured networks when roaming in countries that do
not have crypto enabled.

These warnings would be displayed each time the phone connects to a new tower.

This only works on GSM which is 2G.

Cheers
Shaun



Shaun McGuane | CIO
+613 9020 3470 [AU]
+64 9887 7188 [NZ]
shaun at rackcentral.com.au
www.rackcentral.com.au
Unit 4/82 Trenerry Crescent, Abbotsford, 3067
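As an added illustration of the no-encryption downgrade described in the message above (example code written for this page, not from the thread or from RackCentral): the "A0" setting referred to is GSM's A5/0 "no ciphering" mode, and a phone that logs which cipher the network selected can spot it. The check below runs over a constructed baseband log and flags A5/0 sessions, known-weak GSM ciphers, and a 3G/4G-to-2G drop onto a cell not seen before; the record layout, cell identities and cipher labels are assumptions.

```python
"""Flag unencrypted or downgraded GSM sessions in a constructed radio log."""
from dataclasses import dataclass

# Ciphers a baseband may report after the network's Cipher Mode Command.
# A5/0 is "no ciphering"; A5/1 and A5/2 are the known-weak GSM ciphers.
WEAK_GSM_CIPHERS = {"A5/0", "A5/1", "A5/2"}


@dataclass
class RadioEvent:
    ts: int        # seconds since start of capture (constructed)
    rat: str       # radio access technology: "GSM", "UMTS" or "LTE"
    cell_id: str   # cell identity as reported by the baseband (constructed)
    cipher: str    # cipher the network selected for this session


def analyse(events, known_cells):
    """Return (ts, reason) findings for a sequence of RadioEvent records.

    known_cells: cells previously seen at this location. A fresh 2G cell that
    appears while the phone was on 3G/4G, and then offers A5/0, is the pattern
    a rogue base station produces (assumption about the heuristic, not a rule).
    """
    findings = []
    prev_rat = None
    for e in events:
        if e.rat == "GSM" and e.cipher == "A5/0":
            findings.append((e.ts, f"no ciphering (A5/0) on {e.cell_id}"))
        elif e.rat == "GSM" and e.cipher in WEAK_GSM_CIPHERS:
            findings.append((e.ts, f"weak cipher {e.cipher} on {e.cell_id}"))
        if prev_rat in ("UMTS", "LTE") and e.rat == "GSM" and e.cell_id not in known_cells:
            findings.append((e.ts, f"downgrade {prev_rat}->GSM onto unknown cell {e.cell_id}"))
        prev_rat = e.rat
    return findings


# Constructed log: phone camps on LTE, is pulled onto an unknown 2G cell that
# selects A5/0, then returns to a known 2G cell using A5/1.
SAMPLE_EVENTS = [
    RadioEvent(0, "LTE", "lte-505-01-1234", "EEA2"),
    RadioEvent(30, "GSM", "gsm-505-01-9999", "A5/0"),
    RadioEvent(90, "GSM", "gsm-505-01-0042", "A5/1"),
]
KNOWN_CELLS = {"lte-505-01-1234", "gsm-505-01-0042"}

if __name__ == "__main__":
    for ts, reason in analyse(SAMPLE_EVENTS, KNOWN_CELLS):
        print(f"t+{ts}s: {reason}")
```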

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Steve Phillips
Sent: Wednesday, 19 August 2015 4:29 PM
To: Peter Fern <ausnog at 0xc0dedbad.com>; ausnog at lists.ausnog.net
Subject: Re: [AusNOG] SS7 hacked on 60 Minutes, an Australian Senators phone tapped from Germany

OK, so maybe not $30, but afaik a HackRF would allow you to have bi-directional communications and pretend to be a cell tower.

Cracking the crypto would be another issue, but I don't think the hardware is the barrier to entry really.

--
Steve.

On 19/08/2015 3:32 pm, Peter Fern wrote:
> On 19/08/15 15:28, Steve Phillips wrote:
>> On 18/08/2015 10:34 pm, Jason Ross wrote:
>>> The IMSI sniffers are pretty much redundant as they rely on GSM (2G) operation; once the phone
>>> is in a 3G or 4G LTE network it does not work, as it is encrypted, and the IMSI appears to be 2G only
>>> (the DIY ones, anyway). You can purchase ones for $$$$$$ which work on 3G apparently.
>>
>> This is my understanding too.
>> I guess some people see $30 as expensive ;-)
>>
>> http://hackaday.com/2013/10/22/cracking-gsm-with-rtl-sdr-for-thirty-dollars/
>
> That specifically says GSM though.


_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
