Telecommunications Security Watch - 2
WARNING - Malicious domains registered
- Some domains were recently registered with the goal of impersonating the support sites of U.S. telecommunications vendors
- Public example: ciscosupports[.]com
- Beware of domains like this one; 5G-related fraud has increased recently
- Source: Kyle Ehmke @kyleehmke
RESEARCH - MALWARE - APT41
- Recordings available for FireEye Cyber Defense Summit talks
- There's a lot of food for thought in it
- Source: APT41: The Unending Game of Thrones
RESEARCH - 5G - VULNERABILITY - 5GReasoner: A Property-Directed Security And Privacy Analysis Framework For 5G Cellular Network Protocol
- Attacks discovered by Syed Rafiul Hussain, Mitziu Echeverria, Imtiaz Karim, Omar Chowdhury, and Elisa Bertino
- Three categories of attacks:
  - Attacks on the NAS layer: DoS, overbilling, service profiling, location tracking, downgrade from 5G, tracking, artificial chaos & mass victimization
  - Attacks on the RRC layer: DoS, SUPI catching, forced state change & battery draining
  - Cross-layer attacks: location tracking, stealthy DoS, downgrade from 5G, artificial chaos & mass victimization
- Very interesting research; a lack of integrity in the messages is the most common root cause of the vulnerabilities.
- GSMA acknowledged the vulnerabilities under CVD-2019-0029
- Source: 5GReasoner: A Property-Directed Security And Privacy Analysis Framework For 5G Cellular Network Protocol
RESEARCH - 5G - Anatomy of Commercial IMSI Catchers and Detectors
- Research by Shinjo Park, Altaf Shaik, Ravishankar Borgaonkar & Jean-Pierre Seifert
- A state of the art on how IMSI catchers actually work and what their real capabilities are.
- Source: Anatomy of Commercial IMSI Catchers and Detectors
RESEARCH - PATENT - SELECTIVE DISABLEMENT OF SIP ENCRYPTION FOR LAWFUL INTERCEPT
- Patent filed by AT&T, ROSENBERG WILLIAM HARRY & JARDON MARIO MANUEL
- Abstract: “Systems and methods for selectively disabling encryption for user equipment are disclosed. A technique comprises interrogating a location code of a device authenticated to a network through an encrypted connection and determining whether the location code corresponds to an unencrypted region. If the location code does not correspond to an unencrypted region, the technique comprises registering the device to the network for communication using the encrypted connection. If the location code corresponds to an unencrypted region, the technique comprises sending an intercept challenge to the device to re-authenticate the device to the network, the intercept challenge including parameters to establish an unencrypted connection, receiving re-registration information including unencrypted location information from the device using the unencrypted connection, and registering the device to the network using the unencrypted connection.”
WHITEPAPER - 5G - AT&T Cybersecurity Insights™ Report: Security at the Speed of 5G
- Executive report by AT&T based on surveys.
- Report on the adoption of #5G security measures by enterprises.
- There's a lot on the to-do list when we read the survey answers.
- Source: WP-PDF: AT&T Cybersecurity Insights™ Report: Security at the Speed of 5G
INFORMATION - Internet shutdowns
- Internet disrupted in Iran amid fuel protests in multiple cities
- Internet being restored in Iran after week-long shutdown
- The geopolitics behind the routes data travels: a case study of Iran By Loqman Salamatian, Frederick Douzet, Kevin Limonier & Kavé Salamatian
INFORMATION - BREACH - T-MOBILE Wireless Prepaid Accounts
- T-MOBILE revealed it was breached early in November 2019. Attackers were able to access:
  - Name
  - Billing address
  - Phone number
  - Account number
  - Rate, plan and calling features
- Sources:
CONFERENCE - WIRELESS - DEFCON 27
- The DEFCON 27 Wireless Village talks are available on YouTube
- Source: Playlist YouTube
Postscriptum
If you spotted errors, missing information or anything you want to report, feel free to contact me on Twitter: @SwitHak
SwitHak