IT-Security

Watching the Watchers - How Surveillance Companies track you using Mobile Networks

Real life experiences from the Location Tracking Wars
chaosstudio-hamburg
Cathal Mc Daid
Every day, surveillance companies attack mobile networks, attempting to track the location of mobile phone users. We will analyze, using real-life data, these surveillance companies’ tactics and show the different ways that users are tracked in the wild over 2G, 3G and 4G networks. For 5G, we describe the critical functions and information elements in the core network that might be targeted by these attackers.
Mobile core signaling networks have been known to have exploitable vulnerabilities for several years. However very little information has been presented on whether these vulnerabilities are being exploited in real-life or not, and if so, how it is being done. This presentation will give first-hand information about how location tracking – the most common form of mobile signaling attack - is being done over multiple types of mobile networks in the wild today. We will start with briefly introducing mobile telecom networks, their known security flaws and how surveillance companies exploit these flaws. Surveillance companies are success oriented and have a toolbox which they use for location tracking of mobile phone users, which is the most common attack. Based on real-life experiences we will describe what “tools” we see in the wild and how they work. We will also describe how attackers optimize attacks based on the target network and technology, and how attacks have changed over time since some mobile operators have begun to put in place protections. We will also show a visualization of how these attacks can happen. Finally, we will make a projection for 5G core networks, and how they will also be targeted by surveillance companies as they are deployed globally over the next few years.

Additional information

Type Talk
Language English

More sessions

12/27/20
IT-Security
Max Aliapoulios
rC2
Ransomware is a type of malware that encrypts the files of infected hosts and demands payment, often in a cryptocurrency such as Bitcoin. In this talk, we present a measurement framework that we used to perform a large-scale, two-year, end-to-end measurement of ransomware payments, victims and operators.
12/27/20
IT-Security
Thomas Roth
rC2
On November 13., Nintendo launched its newest retro console, the Nintendo Game and Watch - but by then it was already hacked! In contrast to the other Nintendo classic consoles (NES & SNES), Nintendo upped their game this time: A locked processor, AES-CTR encrypted flash & co. made it significantly harder to hack it, but in the end it was still hacked - one day before release. This talk walks through the whole process of opening it up, exploiting the firmware up to bringing homebrew to a new ...
12/27/20
IT-Security
Florian Schweitzer
chaosstudio-hamburg
Ein Klick auf einen "Unsubscribe"-Link in einem Newsletter reicht oft aus, damit ein Angreifer eine Rufumleitung bei einer Zielperson einrichten kann. Damit lassen sich etwa die Passwörter von mit der Rufnummer verknüpften Google- oder Microsoft-Accounts zurücksetzen.
12/27/20
IT-Security
chaosstudio-hamburg
Load Value Injection (LVI) is a new class of transient-execution attacks exploiting microarchitectural flaws in modern processors to inject attacker data into a victim program and steal sensitive data and keys from Intel SGX, a secure vault in Intel processors for your personal data.
12/27/20
IT-Security
rC1
After the first unsuccessful deployment of voting machines in Germany about ten years ago, elements of electronic voting have reached elections again. Although there is now still a paper-trail, more and more essential steps, such as counting the votes, are moved into electronic systems. This change in the ballot-counting procedure took place mostly unnoticed by the public. We are two very concerned election workers who present our first-hand experience in this talk. We show that the current ...
12/28/20
IT-Security
jiska
rC2
How secure is the interface between baseband chips and iOS? While this interface should protect against escalations from the baseband into operating system components, its implementation is full of bugs. Fuzzing this interface is not only relevant to security, but also results in various funny effects, since the iPhone looses information about its identity and location, and eventually ends up in a state with a few thousand unread SMS that can no longer be deleted.
12/28/20
IT-Security
Alisa Esage
rC2
State-of-the-art report on Qualcomm DIAG diagnostic protocol research, its modern implementation as it appears in Hexagon basebands, advanced harnessing and reverse-engineering on modern off-the-shelf smartphones.