Show Posts
1
Mobile Hacking / Re: Interesting article on SS7 vuln as an entry point
« on: January 08, 2016, 01:32:17 pm »
Hey guys, a bit late to the party on this but I've got a few resources / tutorials that might be useful:
Major area that I also wanted to highlight is that many operators (if not all) use a method of T-IMSI (temporary IMSI) so that the real IMSI is never sent through the network apart from the initial registration on the network. Ideally as marked in the country reports on GSMMap the T-IMSI should be updated for each transaction from the UE.
- SS7 Track. Locate. Manipulate. - Tobias Engel Presentation @ 31C3
- SS7map - Laurent Ghigonis and Alexandre De Oliveira Presentation @ 31C3
- GSM Map, discover the different encryption methods etc. in use by operators in your country
- Making an IMSI catcher using a RTL-SDR
- WP on IMSI catchers and how to catch them
Major area that I also wanted to highlight is that many operators (if not all) use a method of T-IMSI (temporary IMSI) so that the real IMSI is never sent through the network apart from the initial registration on the network. Ideally as marked in the country reports on GSMMap the T-IMSI should be updated for each transaction from the UE.