Author Topic: Interesting article on SS7 vuln as an entry point  (Read 1745 times)

0 Members and 2 Guests are viewing this topic.

Offline dagronk

  • NULL
  • Posts: 4
  • Cookies: -2
    • View Profile
Interesting article on SS7 vuln as an entry point
« on: November 16, 2015, 11:20:57 pm »
Anybody discussed this vuln yet?

SS7 interception
http://www.9jumpin.com.au/show/60minutes/stories/2015/august/phone-hacking/

How Skylock works
https://assets.documentcloud.org/documents/1275167/skylock-product-description-2013.pdf

Make your own IMSI
https://www.youtube.com/watch?v=e8zMaOIk1q4

Or buy one from Alibaba
http://www.alibaba.com/product-detail/tracking-suspect-location-device-IMSI-catcher_60258199529.html?spm=a2700.7724838.30.274.yrM4HA

Entry points
http://www.hackitoergosum.org/2010/HES2010-planglois-Attacking-SS7.pdf

Sorry for posting a bunch of sh!t links but this all made for an interesting read.

Its interesting to think that access to SS7 could be gained by compromising an individual or provider in a third world setting.

I like the sound of "Skylock" too.  Sounds like something that wants to obliterate the human race.
« Last Edit: November 16, 2015, 11:45:31 pm by dagronk »

Offline Nicholai_

  • NULL
  • Posts: 1
  • Cookies: 0
    • View Profile
Re: Interesting article on SS7 vuln as an entry point
« Reply #1 on: December 06, 2015, 11:28:25 pm »
Sorry for posting this late on the thread, but this topic is indeed very interesting.

I have been working with mobile communication the past few years, and I'm honestly surprised by the low amount of individuals that has any interest in it.

Playing with SS7 is not really an easy play, at least not in the beginning, even though it might seem.

I'm hoping to get into this forum well, and then I will hopefully write a guide in regard to this topic.

Offline GoodDevil

  • NULL
  • Posts: 1
  • Cookies: 0
    • View Profile
Re: Interesting article on SS7 vuln as an entry point
« Reply #2 on: December 09, 2015, 05:21:51 pm »
I would much appreciate a guide ^_^

Offline smithesomething

  • NULL
  • Posts: 1
  • Cookies: 0
    • View Profile
Re: Interesting article on SS7 vuln as an entry point
« Reply #3 on: January 08, 2016, 01:32:17 pm »
Hey guys, a bit late to the party on this but I've got a few resources / tutorials that might be useful:


Major area that I also wanted to highlight is that many operators (if not all) use a method of T-IMSI (temporary IMSI) so that the real IMSI is never sent through the network apart from the initial registration on the network. Ideally as marked in the country reports on GSMMap the T-IMSI should be updated for each transaction from the UE.
« Last Edit: January 08, 2016, 01:34:37 pm by smithesomething »