Telecommunications Security Watch - 3

RESEARCH - RCS - Mobile network hacking – All-over-IP edition - SRLabs

• The RCS (Rich Communication Services) is an old standard of the IMS world born in 2007 by the GSMA.
• This standard recently became again a subject of interest when Google in June 2019 announced its intention to use it and deployed it.
• Researchers from SRLabs found some vulnerabilities inside of it like RCS messages intercepts, user tracking, sensitive information leaks, DDoS, etc.
• They’re very clear on the fact that not all deployments are vulnerable, only some.
• Sources:
  • Blog post- SRLabs
  • Presentation Slides - BHEU19

WHITEPAPER - 5G - 5G and the Cloud

• This whitepaper explains the Cloud side of 5G. What’s a CNF, why the Cloud part will be a major component of 5G world.
• There’s some security related informations at the end of this WP pages 45-46.
• Source: WP-PDF: 5G and the Cloud

WHITEPAPER - 5G - ENISA threat landscape for 5G Networks

• This is the ENISA threat landscape for 5G Networks report.
• It contains a sum of useful information on how the ENISA perceives the 5G situation.
• Through a careful analysis of each of 5G functions to a detailed threat analysis and examples, Enisa pave the way to telecommunications providers and give them a first try threat analysis.
• This Whitepaper is a must read for each of telco security department in my humble opinion.
• Source: WP-PDF: ENISA Threat Landscape For 5G Networks

INFORMATION - LEAKS - A Sprint contractor left thousands of US cell phone bills on the internet by mistake

• This reporting by @zackwhittaker inform us that AT&T, Verizon and T-Mobile left an Amazon bucket exposed.
• Source: TechCrunch Article

INFORMATION - BREACH - TrueDialog

• The most interesting part IMHO is “Aside from private text messages, our team discovered millions of account usernames and passwords, PII data of TrueDialog users and their customers, and much more.”
• Source: Rsearcher blog post - VPNMentor

CONFERENCE - BOTNETs - BotConf 2019

• At the beginning of December, the BOTCONF conference was held to present the evolution of botnets and the fight against them.
• The workshops taken place the December 3rd 2019 and the main conference from December 4th to 6th 2019 in Bordeaux, France.
• You can find useful information on the main program page, like presentation slides, papers, etc.
• Source: Botconf Website

New treat before the end of the next week. ;)

Postscriptum

If you spotted errors, missing information or anything you want to report, feel free to contact me on Twitter: @SwitHak

SwitHak