[Script Info]
Title:
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:09.21,0:00:12.82,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:00:12.82,0:00:16.36,Default,,0000,0000,0000,,Karsten Nohl: Great to be back. Thank you\Nvery much, talking once again on mobile
Dialogue: 0,0:00:16.36,0:00:21.08,Default,,0000,0000,0000,,security, taking two very different\Nangles, though, from what we talked about
Dialogue: 0,0:00:21.08,0:00:26.67,Default,,0000,0000,0000,,the last couple of years. This time we want\Nto dive into the same topic that Tobias
Dialogue: 0,0:00:26.67,0:00:31.89,Default,,0000,0000,0000,,Engel just did, looking at insecurities\Nthat arise from the interconnect networks
Dialogue: 0,0:00:31.89,0:00:38.15,Default,,0000,0000,0000,,between different operators, and we want to\Nadd another angle. And that is how YOU
Dialogue: 0,0:00:38.15,0:00:43.19,Default,,0000,0000,0000,,can start self-defending yourself from the\Ninsecurities that many of your operators
Dialogue: 0,0:00:43.19,0:00:49.41,Default,,0000,0000,0000,,have left open for many years, including\Nthe new ones that Tobias and myself talk
Dialogue: 0,0:00:49.41,0:00:56.19,Default,,0000,0000,0000,,about. If you do watch this on a download,\Ndo go back and also watch Tobias's talk,
Dialogue: 0,0:00:56.19,0:01:00.11,Default,,0000,0000,0000,,it's well worth it and also covers a lot\Nof the basics that I'm just going to skip
Dialogue: 0,0:01:00.11,0:01:06.32,Default,,0000,0000,0000,,over now for the sake of time. Great talk,\Nby the way. Thank you, Tobias. So aside
Dialogue: 0,0:01:06.32,0:01:17.46,Default,,0000,0000,0000,,from... {\i1}applause{\i0} Aside from those SS7\Nbased attacks, we want to talk about 3G
Dialogue: 0,0:01:17.46,0:01:23.78,Default,,0000,0000,0000,,insecurities, not too many of them, but\Nsevere as ever, as well as, in the last
Dialogue: 0,0:01:23.78,0:01:30.21,Default,,0000,0000,0000,,chapter, then a few tips, as well as a new\Ntool to help you start self-defending
Dialogue: 0,0:01:30.21,0:01:36.32,Default,,0000,0000,0000,,against these mobile attacks. Now, just\Nbriefly, then, what is the SS7 network?
Dialogue: 0,0:01:36.32,0:01:40.92,Default,,0000,0000,0000,,Tobias has already covered the basics. So\Njust a quick definition from me. It's this
Dialogue: 0,0:01:40.92,0:01:45.89,Default,,0000,0000,0000,,network that different mobile operators\Nare connected to, to exchange data among
Dialogue: 0,0:01:45.89,0:01:51.53,Default,,0000,0000,0000,,each other. For instance, text messages\Nare sent over this network. So without SS7,
Dialogue: 0,0:01:51.53,0:01:57.92,Default,,0000,0000,0000,,you couldn't be using this ancient chatting\Ntechnology SMS. Thank you, SS7. But also
Dialogue: 0,0:01:57.92,0:02:05.28,Default,,0000,0000,0000,,more security-relevant information is\Nexchanged over SS7. For instance, if you're
Dialogue: 0,0:02:05.28,0:02:10.53,Default,,0000,0000,0000,,using your phone in another country, as\Nmany of you currently do, you still want
Dialogue: 0,0:02:10.53,0:02:15.51,Default,,0000,0000,0000,,this visiting network to be able to use\Nencryption with your phone, but how is that
Dialogue: 0,0:02:15.51,0:02:20.03,Default,,0000,0000,0000,,network going to know the right encryption\Nkey? So this visiting network, the German
Dialogue: 0,0:02:20.03,0:02:24.19,Default,,0000,0000,0000,,network, has to ask your home network for\Nthe correct encryption key, and that goes
Dialogue: 0,0:02:24.19,0:02:29.70,Default,,0000,0000,0000,,over SS7. And you can already see: if\Nthere's cryptographic information being
Dialogue: 0,0:02:29.70,0:02:33.56,Default,,0000,0000,0000,,exchanged, if the wrong people ask and\Nstill receive an answer, insecurities
Dialogue: 0,0:02:33.56,0:02:39.95,Default,,0000,0000,0000,,arise. More interesting from a security\Nperspective, though, are messages that are
Dialogue: 0,0:02:39.95,0:02:46.10,Default,,0000,0000,0000,,exchanged within one network over SS7.\NSo SS7 is often misunderstood as this
Dialogue: 0,0:02:46.10,0:02:50.84,Default,,0000,0000,0000,,technology that's used for worldwide\Nexchange of information. The same network,
Dialogue: 0,0:02:50.84,0:02:54.64,Default,,0000,0000,0000,,though, is used inside an operator. So\Nthere's no need for interconnect. There are
Dialogue: 0,0:02:54.64,0:03:01.29,Default,,0000,0000,0000,,already SS7 flows going on between those\Ndifferent mobile switching centers, MSCs.
Dialogue: 0,0:03:01.29,0:03:07.53,Default,,0000,0000,0000,,And each mobile switching center covers\None area, let's say a city. So imagine a
Dialogue: 0,0:03:07.53,0:03:13.34,Default,,0000,0000,0000,,situation where you are in a call\Nand you're traversing from one area to
Dialogue: 0,0:03:13.34,0:03:17.11,Default,,0000,0000,0000,,another. You're crossing, let's say, your\Nstate boundary. So there's a new MSC,
Dialogue: 0,0:03:17.11,0:03:21.56,Default,,0000,0000,0000,,it doesn't know how to handle your call. It\Nneeds the decryption key for the already
Dialogue: 0,0:03:21.56,0:03:28.61,Default,,0000,0000,0000,,ongoing conversation. So there's another\NSS7 message that allows you to query for
Dialogue: 0,0:03:28.61,0:03:33.65,Default,,0000,0000,0000,,the key of a transaction that's currently\Ngoing on. OK? And again, you can already
Dialogue: 0,0:03:33.65,0:03:38.74,Default,,0000,0000,0000,,see how, if the wrong people send this type\Nof message and they receive an answer,
Dialogue: 0,0:03:38.74,0:03:46.73,Default,,0000,0000,0000,,insecurities arise. The insecurity that\Nhas been talked about most in recent
Dialogue: 0,0:03:46.73,0:03:52.67,Default,,0000,0000,0000,,years, again, up until Tobias's talk, was\Ntracking. And tracking was often understood
Dialogue: 0,0:03:52.67,0:03:57.72,Default,,0000,0000,0000,,as: there's this evil message, the\NAnyTimeInterrogation, and The Washington Post
Dialogue: 0,0:03:57.72,0:04:01.62,Default,,0000,0000,0000,,focused an article a lot on just one\Nmessage. And it's really evil. It
Dialogue: 0,0:04:01.62,0:04:06.45,Default,,0000,0000,0000,,should never have been\Nstandardized. And whenever it's used, it's
Dialogue: 0,0:04:06.45,0:04:12.10,Default,,0000,0000,0000,,for evil purposes. There's no\Nusefulness in this message. And Tobias
Dialogue: 0,0:04:12.10,0:04:16.21,Default,,0000,0000,0000,,quoted a number that I think The\NWashington Post found in a lot of
Dialogue: 0,0:04:16.21,0:04:21.71,Default,,0000,0000,0000,,marketing material: 70 percent of mobile\Nnetworks respond to this message. Now,
Dialogue: 0,0:04:21.71,0:04:26.00,Default,,0000,0000,0000,,this is information from earlier this year.\NA lot of networks, very good news, have
Dialogue: 0,0:04:26.00,0:04:32.77,Default,,0000,0000,0000,,moved to stop responding to the\NAnyTimeInterrogation message. This evil spying
Dialogue: 0,0:04:32.77,0:04:37.51,Default,,0000,0000,0000,,message is not being responded to by, for\Ninstance, all German networks. You can't
Dialogue: 0,0:04:37.51,0:04:44.46,Default,,0000,0000,0000,,use this message in Germany anymore.\NHowever, this is a very retroactive
Dialogue: 0,0:04:44.46,0:04:51.73,Default,,0000,0000,0000,,approach to securing SS7, because there's a\Nnumber of other messages that, consider them
Dialogue: 0,0:04:51.73,0:04:57.17,Default,,0000,0000,0000,,gadgets, get you to the same place: take a\Nphone number and take you all the way to
Dialogue: 0,0:04:57.17,0:05:03.44,Default,,0000,0000,0000,,somebody's location. And here's just a\Nsnapshot of which messages you can use,
Dialogue: 0,0:05:03.44,0:05:08.96,Default,,0000,0000,0000,,and Tobias went into a greater level of\Ndetail in how these different messages
Dialogue: 0,0:05:08.96,0:05:13.69,Default,,0000,0000,0000,,come together. So if anybody thinks that\Njust barring AnyTimeInterrogation, you
Dialogue: 0,0:05:13.69,0:05:20.64,Default,,0000,0000,0000,,solved the tracking problem, they are wrong.\NBut at the same time, it's not that SS7 is
Dialogue: 0,0:05:20.64,0:05:26.90,Default,,0000,0000,0000,,not securable. It's just a much larger\Nchallenge than people currently consider it
Dialogue: 0,0:05:26.90,0:05:33.87,Default,,0000,0000,0000,,to be. So you see how stringing\Ntogether some of these messages gets you to
Dialogue: 0,0:05:33.87,0:05:39.04,Default,,0000,0000,0000,,intermediate values that also shouldn't be\Npublic and then all the way to a cell ID.
Dialogue: 0,0:05:39.04,0:05:42.85,Default,,0000,0000,0000,,And up until all these messages, or at\Nleast every path that takes you from left
Dialogue: 0,0:05:42.85,0:05:49.76,Default,,0000,0000,0000,,to right, is blocked by a network, tracking\Nto the same accuracy, to cell ID, stays
Dialogue: 0,0:05:49.76,0:05:54.95,Default,,0000,0000,0000,,possible. Now, this is just one of many\Nareas in which SS7 can become an issue.
Dialogue: 0,0:05:54.95,0:06:03.56,Default,,0000,0000,0000,,Here are four more. It's an intercept risk,\Nif people can read your SMS text or listen
Dialogue: 0,0:06:03.56,0:06:08.17,Default,,0000,0000,0000,,to your calls. It's a denial-of-service\Nrisk, if people cut you off from
Dialogue: 0,0:06:08.17,0:06:13.49,Default,,0000,0000,0000,,phone connectivity for anywhere from an\Nhour until the next location update or
Dialogue: 0,0:06:13.49,0:06:19.32,Default,,0000,0000,0000,,until you next reboot your phone, so you\Ncan really cut people off badly from
Dialogue: 0,0:06:19.32,0:06:24.56,Default,,0000,0000,0000,,the phone network. This area of fraud\Nthat I don't think many people want to
Dialogue: 0,0:06:24.56,0:06:29.25,Default,,0000,0000,0000,,talk about publicly, certainly I don't.\NBut there are many fraud risks in SS7
Dialogue: 0,0:06:29.25,0:06:34.09,Default,,0000,0000,0000,,in which you can easily put charges\Non somebody else's bill, or, more
Dialogue: 0,0:06:34.09,0:06:39.90,Default,,0000,0000,0000,,interestingly, you can remove limits on\Nyour own prepaid cards, basically run up
Dialogue: 0,0:06:39.90,0:06:46.24,Default,,0000,0000,0000,,infinite charges on prepaid cards and, you\Nknow, run up a lot of bills
Dialogue: 0,0:06:46.24,0:06:50.96,Default,,0000,0000,0000,,to premium numbers, for instance. And then\Nthere's the risk of spamming, which, from
Dialogue: 0,0:06:50.96,0:06:55.93,Default,,0000,0000,0000,,what I hear, is already happening, SS7\Nbased spam attacks. Now, for the sake of
Dialogue: 0,0:06:55.93,0:07:01.56,Default,,0000,0000,0000,,this talk, I want to focus on intercept,\Nwhich I consider, aside from tracking, the
Dialogue: 0,0:07:01.56,0:07:06.10,Default,,0000,0000,0000,,most intrusive and the most relevant for\Nus; the others, just as a risk, are more relevant
Dialogue: 0,0:07:06.10,0:07:09.65,Default,,0000,0000,0000,,for the network operators. And if they\Ndon't solve them, well, so be it, as long
Dialogue: 0,0:07:09.65,0:07:14.47,Default,,0000,0000,0000,,as they foot the bill for it. So,\Nintercept. I want to go into three
Dialogue: 0,0:07:14.47,0:07:21.25,Default,,0000,0000,0000,,possible scenarios in which SS7-assisted\Nintercept can happen. The first abuses
Dialogue: 0,0:07:21.25,0:07:24.72,Default,,0000,0000,0000,,the exact message we looked at in the\Nintroduction, these messages where
Dialogue: 0,0:07:24.72,0:07:29.89,Default,,0000,0000,0000,,different parts of networks ask each other\Nfor encryption information, and it's a
Dialogue: 0,0:07:29.89,0:07:35.86,Default,,0000,0000,0000,,pretty straightforward attack. You record\Nthe airwaves around somebody, in
Dialogue: 0,0:07:35.86,0:07:41.13,Default,,0000,0000,0000,,somebody's vicinity, and you record\Nsomebody's encrypted transaction as part of
Dialogue: 0,0:07:41.13,0:07:47.05,Default,,0000,0000,0000,,that, right? So 3G transactions, for\Ninstance, are pretty well secured, but
Dialogue: 0,0:07:47.05,0:07:53.08,Default,,0000,0000,0000,,they're not very hard to record. In fact,\N3G is a little bit easier than 2G because
Dialogue: 0,0:07:53.08,0:07:58.04,Default,,0000,0000,0000,,it doesn't jump around all these\Nfrequencies. So you record, let's say, 3G
Dialogue: 0,0:07:58.04,0:08:02.95,Default,,0000,0000,0000,,data and you have a bunch of transactions,\Nall of them encrypted. And you can use
Dialogue: 0,0:08:02.95,0:08:09.94,Default,,0000,0000,0000,,this message over SS7 to decrypt them.\NIt's called Send ID. And as I said on
Dialogue: 0,0:08:09.94,0:08:16.13,Default,,0000,0000,0000,,one of the earlier slides, it's supposed\Nto be used when you're moving from one MSC
Dialogue: 0,0:08:16.13,0:08:20.81,Default,,0000,0000,0000,,into another MSC, but still within your\Nown network, so that the call doesn't get
Dialogue: 0,0:08:20.81,0:08:27.10,Default,,0000,0000,0000,,disrupted. It's not supposed to be used\Nwhen somebody foreign wants to
Dialogue: 0,0:08:27.10,0:08:31.78,Default,,0000,0000,0000,,query your phone; if they need a new\Nencryption key, a new call needs to start
Dialogue: 0,0:08:31.78,0:08:36.27,Default,,0000,0000,0000,,anyway. There's no way to hand over a call\Nfrom one operator to another operator
Dialogue: 0,0:08:36.27,0:08:43.21,Default,,0000,0000,0000,,without disruption. So this message is\Nused only for internal purposes. However,
Dialogue: 0,0:08:43.21,0:08:47.78,Default,,0000,0000,0000,,out of the four German operators earlier\Nthis month, all four responded to this
Dialogue: 0,0:08:47.78,0:08:52.10,Default,,0000,0000,0000,,request coming from another country,\Nanother country that doesn't even border
Dialogue: 0,0:08:52.10,0:08:57.17,Default,,0000,0000,0000,,Germany. So there's no way to even\Nconceptually think a call would be handed
Dialogue: 0,0:08:57.17,0:09:03.95,Default,,0000,0000,0000,,over. So four out of four. And that's not\Nan anomaly. Most networks require an
Dialogue: 0,0:09:03.95,0:09:08.94,Default,,0000,0000,0000,,international response to an\Noutside number when asked for the current
Dialogue: 0,0:09:08.94,0:09:14.03,Default,,0000,0000,0000,,decryption key. I'll show you a quick demo\Non this at the end of this chapter.
Dialogue: 0,0:09:14.03,0:09:17.65,Default,,0000,0000,0000,,But I'll first finish the enumeration of\Nall the different possibilities in which
Dialogue: 0,0:09:17.65,0:09:24.92,Default,,0000,0000,0000,,3G calls can be intercepted. The second\None, the good old IMSI catchers, which we
Dialogue: 0,0:09:24.92,0:09:31.54,Default,,0000,0000,0000,,also [thought] wouldn't work on 3G. And I guess for\Nthe most part they don't, unless SS7
Dialogue: 0,0:09:31.54,0:09:36.01,Default,,0000,0000,0000,,comes to help. So why don't they\Nwork without SS7? An IMSI catcher
Dialogue: 0,0:09:36.01,0:09:42.07,Default,,0000,0000,0000,,pretends to be a base station. And if\Nit's 2G technology, the phone has no way
Dialogue: 0,0:09:42.07,0:09:47.72,Default,,0000,0000,0000,,of knowing the difference between the real\Nbase station and a fake base station. But
Dialogue: 0,0:09:47.72,0:09:53.18,Default,,0000,0000,0000,,then 3G, the 3G standard, introduced what I\Ncall mutual authentication. So this time
Dialogue: 0,0:09:53.18,0:09:57.63,Default,,0000,0000,0000,,the base station has to prove to a phone\Nthat in fact it's legitimate, and unless it
Dialogue: 0,0:09:57.63,0:10:03.53,Default,,0000,0000,0000,,does that, the phone won't connect. Now,\Nthis only solves part of the IMSI catcher
Dialogue: 0,0:10:03.53,0:10:08.53,Default,,0000,0000,0000,,problem. Just taking the name, even the\Ncatching is still possible, IMSI catching
Dialogue: 0,0:10:08.53,0:10:14.66,Default,,0000,0000,0000,,in the sense of creating a list of all the\NIMSIs in a location. Because there's a
Dialogue: 0,0:10:14.66,0:10:19.15,Default,,0000,0000,0000,,certain chicken-and-egg problem.\NIf you want me as a base station to
Dialogue: 0,0:10:19.15,0:10:23.43,Default,,0000,0000,0000,,authenticate to you, you first have to\Ntell me who you are. There's no such thing
Dialogue: 0,0:10:23.43,0:10:28.37,Default,,0000,0000,0000,,as SSL or any type of public key on the\Nmobile network. It's all symmetric key. So
Dialogue: 0,0:10:28.37,0:10:32.90,Default,,0000,0000,0000,,you first have to tell me which key to use,\Nand by that I know who you are. So IMSI
Dialogue: 0,0:10:32.90,0:10:36.81,Default,,0000,0000,0000,,catching is always possible. And that's why,\Nif you Google for 3G IMSI catcher, those
Dialogue: 0,0:10:36.81,0:10:43.24,Default,,0000,0000,0000,,things exist. But they aren't capable of\Nrecording phone calls or SMS because those
Dialogue: 0,0:10:43.24,0:10:49.08,Default,,0000,0000,0000,,then require mutual authentication. They\Naren't capable of doing so unless they ask
Dialogue: 0,0:10:49.08,0:10:55.96,Default,,0000,0000,0000,,over SS7 for an authentication key. So\NIMSI catchers are back in the 3G world
Dialogue: 0,0:10:55.96,0:11:05.33,Default,,0000,0000,0000,,big time, unless we solve these SS7\Nproblems, right? The third possibility
Dialogue: 0,0:11:05.33,0:11:10.88,Default,,0000,0000,0000,,of intercept - this is probably the\Nscariest because it can happen completely
Dialogue: 0,0:11:10.88,0:11:15.47,Default,,0000,0000,0000,,remotely - for both ones enumerated so far,\Nyou have to be somewhere in the vicinity
Dialogue: 0,0:11:15.47,0:11:19.54,Default,,0000,0000,0000,,of somebody. So the third\Npossibility, I want to call the rerouting
Dialogue: 0,0:11:19.54,0:11:24.64,Default,,0000,0000,0000,,attacks, and they work in both directions.\NRerouting is the idea, and Tobias
Dialogue: 0,0:11:24.64,0:11:31.27,Default,,0000,0000,0000,,touched on this, of taking\Nsomebody's phone calls and changing
Dialogue: 0,0:11:31.27,0:11:36.80,Default,,0000,0000,0000,,the destination number so that, in fact,\Nyou call somebody else, unbeknownst to you,
Dialogue: 0,0:11:36.80,0:11:42.59,Default,,0000,0000,0000,,of course, as the victim. And this [works]\Nfor incoming calls and outgoing
Dialogue: 0,0:11:42.59,0:11:46.60,Default,,0000,0000,0000,,calls, but using very different methods.\NSo it just kind of accidentally works in
Dialogue: 0,0:11:46.60,0:11:52.97,Default,,0000,0000,0000,,both directions. And this part I just\Nbriefly want to demonstrate. Tobias and I
Dialogue: 0,0:11:52.97,0:11:56.87,Default,,0000,0000,0000,,coordinated on most of this. But this\Npart, I guess we kind of misunderstood
Dialogue: 0,0:11:56.87,0:12:01.87,Default,,0000,0000,0000,,each other, as we both showed it. I'll\Nkeep this very brief. And the point I want
Dialogue: 0,0:12:01.87,0:12:08.00,Default,,0000,0000,0000,,to get across is that, one, a single SS7\Nmessage is already a big intercept
Dialogue: 0,0:12:08.00,0:12:15.66,Default,,0000,0000,0000,,problem. Let's see. Connected here. Um, so\NI'll try not to make the same mistake as
Dialogue: 0,0:12:15.66,0:12:26.60,Default,,0000,0000,0000,,Tobias and try to cut off part of my\Nnumber here. So, 31C3 demo phone.
Dialogue: 0,0:12:26.60,0:12:32.71,Default,,0000,0000,0000,,So I'm calling a phone that, in fact,\Naccidentally we left in... So ... fuck
Dialogue: 0,0:12:32.71,0:12:36.19,Default,,0000,0000,0000,,{\i1} Laughter and applause {\i0}\N{\i1} Ring-back tone starts {\i0}
Dialogue: 0,0:12:36.19,0:12:40.49,Default,,0000,0000,0000,,So I am calling this number and I don't\Nknow if you can hear it, but it's ringing.
Dialogue: 0,0:12:40.49,0:12:43.81,Default,,0000,0000,0000,,And we did leave his phone back in Berlin\Naccidentally. But for the sake of this
Dialogue: 0,0:12:43.81,0:12:48.10,Default,,0000,0000,0000,,demo, that makes no difference. So it's\Na phone somewhere in Berlin. Nobody
Dialogue: 0,0:12:48.10,0:12:50.91,Default,,0000,0000,0000,,answers. Here is another phone.
Dialogue: 0,0:12:50.91,0:12:52.00,Default,,0000,0000,0000,,{\i1} Ring-back tone stops {\i0}
Dialogue: 0,0:12:52.00,0:12:54.33,Default,,0000,0000,0000,,So if I register what they call a
Dialogue: 0,0:12:54.33,0:13:01.22,Default,,0000,0000,0000,,supplementary service to this number, and\Nthat's just fancy language for
Dialogue: 0,0:13:01.22,0:13:09.39,Default,,0000,0000,0000,,call forwarding, if I call this exact same\Nnumber again...
Dialogue: 0,0:13:13.76,0:13:16.66,Default,,0000,0000,0000,,{\i1} Ring-back tone starts {\i0}
Dialogue: 0,0:13:16.66,0:13:18.88,Default,,0000,0000,0000,,{\i1} Phone ringing also starts {\i0}
Dialogue: 0,0:13:18.88,0:13:21.14,Default,,0000,0000,0000,,This phone is ringing.
Dialogue: 0,0:13:21.14,0:13:23.93,Default,,0000,0000,0000,,{\i1} Applause {\i0}
Dialogue: 0,0:13:23.93,0:13:25.80,Default,,0000,0000,0000,,{\i1} Both ring-back and ring-tone stop {\i0}
Dialogue: 0,0:13:25.80,0:13:28.06,Default,,0000,0000,0000,,{\i1} Still applause {\i0}
Dialogue: 0,0:13:28.06,0:13:33.12,Default,,0000,0000,0000,,Now, of course, to make this a real\Nintercept, I wouldn't forward it to a
Dialogue: 0,0:13:33.12,0:13:37.74,Default,,0000,0000,0000,,phone, I would forward it to a computer\Nthat then is smart enough to very quickly
Dialogue: 0,0:13:37.74,0:13:43.96,Default,,0000,0000,0000,,erase the call forwarding and call the\Noriginal number and then connect it, so
Dialogue: 0,0:13:43.96,0:13:48.26,Default,,0000,0000,0000,,that the phone call actually\Ngoes to where it was supposed to go. Just,
Dialogue: 0,0:13:48.26,0:13:53.45,Default,,0000,0000,0000,,I'm sitting in the middle and I'm\Nreceiving a copy of it. OK, so that's the
Dialogue: 0,0:13:53.45,0:13:57.71,Default,,0000,0000,0000,,idea in this direction. In the other\Ndirection, the exact same thing works as
Dialogue: 0,0:13:57.71,0:14:03.88,Default,,0000,0000,0000,,well. And Tobias already told you how\Nthese services that say, let me rewrite
Dialogue: 0,0:14:03.88,0:14:07.51,Default,,0000,0000,0000,,your phone number for you because you\Ndon't know how to dial a phone number when
Dialogue: 0,0:14:07.51,0:14:12.28,Default,,0000,0000,0000,,you're on vacation, right, those services\Ncan be set by anybody, at least on a lot
Dialogue: 0,0:14:12.28,0:14:16.88,Default,,0000,0000,0000,,of networks. And you can see how the exact\Nsame thing works there, so that every time
Dialogue: 0,0:14:16.88,0:14:21.43,Default,,0000,0000,0000,,you dial a number, they just move their own\Nnumber in place of that number and then
Dialogue: 0,0:14:21.43,0:14:26.91,Default,,0000,0000,0000,,connect those two calls. So, as I said, I\Nconsider those to be the scariest type of
Dialogue: 0,0:14:26.91,0:14:30.68,Default,,0000,0000,0000,,attacks because they work completely\Nremotely; you don't have to be in the radio
Dialogue: 0,0:14:30.68,0:14:35.14,Default,,0000,0000,0000,,vicinity of anybody. And surprisingly,\Nthis still works against a bunch of
Dialogue: 0,0:14:35.14,0:14:41.69,Default,,0000,0000,0000,,networks, even against those networks that\Nmoved to solve some of the earlier issues.
Dialogue: 0,0:14:41.69,0:14:49.28,Default,,0000,0000,0000,,So networks [are] still very retroactive.\NSo what do those mobile networks
Dialogue: 0,0:14:49.28,0:14:54.92,Default,,0000,0000,0000,,now have to do to solve those issues?\NWell, as always, of course, the answer:
Dialogue: 0,0:14:54.92,0:14:59.92,Default,,0000,0000,0000,,it depends. It depends in this case on the\Nattack type. Some of the attacks can simply be
Dialogue: 0,0:14:59.92,0:15:05.71,Default,,0000,0000,0000,,blocked. Like the AnyTimeInterrogation,\Nwhere earlier this year they said 70% of
Dialogue: 0,0:15:05.71,0:15:10.17,Default,,0000,0000,0000,,the networks are vulnerable. Now in\NGermany it's zero. So something happened
Dialogue: 0,0:15:10.17,0:15:16.44,Default,,0000,0000,0000,,there. And the same is true for\Nthe first type of attack that I've shown,
Dialogue: 0,0:15:16.44,0:15:20.55,Default,,0000,0000,0000,,the passive intercept. I said when we\Ntested earlier this month, [all] four
Dialogue: 0,0:15:20.55,0:15:27.10,Default,,0000,0000,0000,,networks were vulnerable. Now it's down to\Ntwo. So within two weeks, two networks put
Dialogue: 0,0:15:27.10,0:15:33.97,Default,,0000,0000,0000,,in a firewall rule that says this message\Nhas no purpose traversing our outside
Dialogue: 0,0:15:33.97,0:15:39.94,Default,,0000,0000,0000,,network boundary, just block it. The\Nsame typical firewall isn't
Dialogue: 0,0:15:39.94,0:15:45.10,Default,,0000,0000,0000,,possible for these other two types of\Nattacks because those messages are
Dialogue: 0,0:15:45.10,0:15:50.55,Default,,0000,0000,0000,,actually useful. They do something, at\Nleast in certain circumstances. If you
Dialogue: 0,0:15:50.55,0:15:55.21,Default,,0000,0000,0000,,block the second type of query here,\NSendAuthenticationInfo, you couldn't be
Dialogue: 0,0:15:55.21,0:15:58.93,Default,,0000,0000,0000,,roaming in another country anymore. If you\Nblocked the third one, you couldn't be
Dialogue: 0,0:15:58.93,0:16:04.40,Default,,0000,0000,0000,,changing your voicemail forwarding\Nfrom another country anymore. So these are
Dialogue: 0,0:16:04.40,0:16:10.39,Default,,0000,0000,0000,,needed. Still, we can't accept\Nthat just anybody who asks over SS7 ...
Dialogue: 0,0:16:10.39,0:16:11.99,Default,,0000,0000,0000,,{\i1} Phone ringing {\i0}\N{\i1} Nohl sighs {\i0}
Dialogue: 0,0:16:11.99,0:16:15.66,Default,,0000,0000,0000,,You guys!\N{\i1} Laughter {\i0}
Dialogue: 0,0:16:15.66,0:16:23.75,Default,,0000,0000,0000,,Switched this off. We can't accept\Nthat just anybody who asks over SS7
Dialogue: 0,0:16:23.75,0:16:29.37,Default,,0000,0000,0000,,receives an answer. At the very least\Nwe would expect networks to only answer to
Dialogue: 0,0:16:29.37,0:16:33.50,Default,,0000,0000,0000,,their friends on SS7, and\Nthat is their roaming partners. That's
Dialogue: 0,0:16:33.50,0:16:38.98,Default,,0000,0000,0000,,already a lot fewer companies, and\Nespecially a lot fewer sketchy companies,
Dialogue: 0,0:16:38.98,0:16:44.79,Default,,0000,0000,0000,,than everybody else on SS7. We would\Nthen want those networks to do some
Dialogue: 0,0:16:44.79,0:16:51.39,Default,,0000,0000,0000,,plausibility checking. Right. So this\Nphone in Berlin that I just put a
Dialogue: 0,0:16:51.39,0:16:56.67,Default,,0000,0000,0000,,supplementary service on: the network\Noperator knows the phone is in Berlin, and
Dialogue: 0,0:16:56.67,0:17:02.76,Default,,0000,0000,0000,,I sent this from the other end of the world.\NStill, they [act] on it. Right. Any type
Dialogue: 0,0:17:02.76,0:17:08.31,Default,,0000,0000,0000,,of plausibility checking would clearly\Nsee that this is not possible, for a phone
Dialogue: 0,0:17:08.31,0:17:12.76,Default,,0000,0000,0000,,to be in one country and for this user to\Nwant to change their voicemail setting
Dialogue: 0,0:17:12.76,0:17:17.81,Default,,0000,0000,0000,,from somewhere completely different. And\Nthen thirdly, networks need to limit the
Dialogue: 0,0:17:17.81,0:17:22.02,Default,,0000,0000,0000,,rate at which this happens. Those services\Nthat The Washington Post talked about are
Dialogue: 0,0:17:22.02,0:17:26.24,Default,,0000,0000,0000,,tracking services. These are large\Noperations. They seem to be tracking
Dialogue: 0,0:17:26.24,0:17:33.62,Default,,0000,0000,0000,,thousands of people, constantly. This will\Nshow in logs. You don't allow some random
Dialogue: 0,0:17:33.62,0:17:38.30,Default,,0000,0000,0000,,network somewhere else in the world to\Nconstantly interrogate hundreds of your
Dialogue: 0,0:17:38.30,0:17:44.20,Default,,0000,0000,0000,,users, right? It's clearly abuse. Has any\Nnetwork moved to put such sensible rules
Dialogue: 0,0:17:44.20,0:17:48.43,Default,,0000,0000,0000,,in? I'm not aware of it, but it's\Ncertainly the next step. And I'm not ready
Dialogue: 0,0:17:48.43,0:17:54.86,Default,,0000,0000,0000,,to give up on SS7 yet. I've heard one too\Nmany times that SS7 is an old technology
Dialogue: 0,0:17:54.86,0:18:01.39,Default,,0000,0000,0000,,built with no security in mind and we just\Ncan't fix it. The Internet also is an old
Dialogue: 0,0:18:01.39,0:18:06.40,Default,,0000,0000,0000,,technology built with no security in mind,\Nand we did fix it since the 90s, since
Dialogue: 0,0:18:06.40,0:18:10.68,Default,,0000,0000,0000,,when you connected a Windows 95 computer\Nto the Internet, it got infected with a
Dialogue: 0,0:18:10.68,0:18:16.58,Default,,0000,0000,0000,,virus right away. We have moved to put in\Nfirewalls. We're not exposing our printer
Dialogue: 0,0:18:16.58,0:18:21.19,Default,,0000,0000,0000,,daemon and our file-sharing daemon on the\Nentire Internet anymore for four billion
Dialogue: 0,0:18:21.19,0:18:25.68,Default,,0000,0000,0000,,people to connect to, and the same is\Npossible on SS7. Which is, we're still
Dialogue: 0,0:18:25.68,0:18:34.51,Default,,0000,0000,0000,,in the nineties. Thank you.\N{\i1} Applause {\i0}
Dialogue: 0,0:18:34.51,0:18:38.48,Default,,0000,0000,0000,,Having said that, though, let me show you\Nwhat happens if we don't do that,
Dialogue: 0,0:18:38.48,0:18:46.97,Default,,0000,0000,0000,,the fun part. So. We argued whether or not\Nwe wanted to show this as a live demo.
Dialogue: 0,0:18:46.97,0:18:50.10,Default,,0000,0000,0000,,You'll understand why we don't show it as\Na live demo. There is just too much stuff
Dialogue: 0,0:18:50.10,0:18:54.47,Default,,0000,0000,0000,,that could go wrong. But here's the setup.\NWe start with just a phone number,
Dialogue: 0,0:18:54.47,0:19:00.39,Default,,0000,0000,0000,,and we want to string together a couple of\NSS7 gadgets while also having this radio
Dialogue: 0,0:19:00.39,0:19:05.10,Default,,0000,0000,0000,,handy that can capture 3G information, to\Ncapture yet more information that's not
Dialogue: 0,0:19:05.10,0:19:10.87,Default,,0000,0000,0000,,available over SS7. Right. So we start\Nwith a phone number and we send what's
Dialogue: 0,0:19:10.87,0:19:18.20,Default,,0000,0000,0000,,called an SRI-for-SM message, which gives\Nus, if the network is configured to answer,
Dialogue: 0,0:19:18.20,0:19:26.44,Default,,0000,0000,0000,,the IMSI and the MSC that the subscriber\Nis currently connected to. Those two are
Dialogue: 0,0:19:26.44,0:19:31.00,Default,,0000,0000,0000,,used as parameters into another call,\Ncalled the PSI message, provide
Dialogue: 0,0:19:31.00,0:19:37.19,Default,,0000,0000,0000,,subscriber info. And that call then\Ngives us the Cell ID. This is just how
Dialogue: 0,0:19:37.19,0:19:41.44,Default,,0000,0000,0000,,you get more and more information with\Ndifferent gadgets. Now, the Cell ID tells
Dialogue: 0,0:19:41.44,0:19:45.84,Default,,0000,0000,0000,,us where somebody is physically. So imagine\Nwe now move our radio to that
Dialogue: 0,0:19:45.84,0:19:54.31,Default,,0000,0000,0000,,location and we again send a PSI. We record,\Nwith the radio, not the PSI, but what
Dialogue: 0,0:19:54.31,0:19:59.78,Default,,0000,0000,0000,,happens over the airwaves when we send the\NPSI and the phone gets paged. So when we
Dialogue: 0,0:19:59.78,0:20:05.89,Default,,0000,0000,0000,,send the PSI over SS7, the phone receives\Nsome information. Right. This radio plus a
Dialogue: 0,0:20:05.89,0:20:11.07,Default,,0000,0000,0000,,little bit of GNU Radio scripting gives us\Nthat information: who has been paged
Dialogue: 0,0:20:11.07,0:20:18.75,Default,,0000,0000,0000,,during that short window of time\Nthat we recorded? Now, when we record
Dialogue: 0,0:20:18.75,0:20:22.93,Default,,0000,0000,0000,,something on UMTS, we always record for\Ndifferent cells; they share frequencies.
Dialogue: 0,0:20:22.93,0:20:27.42,Default,,0000,0000,0000,,But you see that the one cell with the\NCell ID that came back over SS7 is included
Dialogue: 0,0:20:27.42,0:20:33.01,Default,,0000,0000,0000,,in our set. So we filter the data for\Nthat cell and we look for which IMSIs are
Dialogue: 0,0:20:33.01,0:20:36.74,Default,,0000,0000,0000,,included. And luckily for us, only one\NIMSI got paged within those few
Dialogue: 0,0:20:36.74,0:20:43.49,Default,,0000,0000,0000,,seconds on that cell. It's the same.\NThis is now the TMSI that belongs to
Dialogue: 0,0:20:43.49,0:20:48.60,Default,,0000,0000,0000,,this phone. This is information we can't\Nget over SS7. But what you can do over SS7
Dialogue: 0,0:20:48.60,0:20:54.71,Default,,0000,0000,0000,,with the TMSI is request a key, so it gets\Ncomplicated. But so we have the decryption
Dialogue: 0,0:20:54.71,0:21:00.25,Default,,0000,0000,0000,,key now, and the next time this phone\Nreceives something, unless it changes the
Dialogue: 0,0:21:00.25,0:21:04.50,Default,,0000,0000,0000,,key, in which case we can ask again for\Na new key. Next time this phone receives
Dialogue: 0,0:21:04.50,0:21:07.28,Default,,0000,0000,0000,,something. And what you don't see in the\Nvideo is, somebody is now sending a text
Dialogue: 0,0:21:07.28,0:21:12.13,Default,,0000,0000,0000,,message to the phone. We can also record\Nthat, right. Again, same radio, the one
Dialogue: 0,0:21:12.13,0:21:17.99,Default,,0000,0000,0000,,shown in the picture, now the phone that\Nreceived a text message. And there are a few
Dialogue: 0,0:21:17.99,0:21:26.98,Default,,0000,0000,0000,,more steps. So the phone received a text\Nmessage and we also, again, recorded the
Dialogue: 0,0:21:26.98,0:21:38.63,Default,,0000,0000,0000,,airwaves. We again run it through some GNU\NRadio script. Now, with UMTS,
Dialogue: 0,0:21:38.63,0:21:42.53,Default,,0000,0000,0000,,everything is kind of complicated, so\Nthere are different connections, of
Dialogue: 0,0:21:42.53,0:21:45.78,Default,,0000,0000,0000,,course, happening all at the same time,\Nand then they'll get allocated to
Dialogue: 0,0:21:45.78,0:21:50.00,Default,,0000,0000,0000,,different channels. So now, in order to\Ndecode this text message, we're going to
Dialogue: 0,0:21:50.00,0:21:55.95,Default,,0000,0000,0000,,find out which channel is used. So this\Ncommand gives us the list of which
Dialogue: 0,0:21:55.95,0:22:00.91,Default,,0000,0000,0000,,channels have been allocated. And we've got\Nto find the TMSI from earlier in one of
Dialogue: 0,0:22:00.91,0:22:06.04,Default,,0000,0000,0000,,these channel allocations. And Wireshark\Nis a great help in this. We didn't have to
Dialogue: 0,0:22:06.04,0:22:11.05,Default,,0000,0000,0000,,do anything with Wireshark. It just knows\Nall that 3G stuff right out of the box. So,
Dialogue: 0,0:22:11.05,0:22:14.97,Default,,0000,0000,0000,,luckily, the first of these five\Nconnecting requests is the right one, and
Dialogue: 0,0:22:14.97,0:22:19.38,Default,,0000,0000,0000,,scrolling all the way down, there are then the\Nparameters that say which channel this
Dialogue: 0,0:22:19.38,0:22:23.92,Default,,0000,0000,0000,,transaction happened on. So those two\Nnumbers, 15 and 48, are the channel. So
Dialogue: 0,0:22:23.92,0:22:31.32,Default,,0000,0000,0000,,we need the cell frequency, but we need\Nthose two numbers that
Dialogue: 0,0:22:31.32,0:22:36.75,Default,,0000,0000,0000,,are the channel, and the key, you know,\Nthis is only 64 bit. I'll discuss that
Dialogue: 0,0:22:36.75,0:22:46.68,Default,,0000,0000,0000,,a little later. And that's all we need to\Ndecrypt an SMS. And there it is.
Dialogue: 0,0:22:46.68,0:22:55.38,Default,,0000,0000,0000,,{\i1} Applause {\i0}\NThank you.
Dialogue: 0,0:22:57.36,0:23:03.54,Default,,0000,0000,0000,,This still works today, but only against\Ntwo out of the four German networks. Some
Dialogue: 0,0:23:03.54,0:23:10.35,Default,,0000,0000,0000,,of them moved to stop some of these\Nmessages, of course, most importantly
Dialogue: 0,0:23:10.35,0:23:14.94,Default,,0000,0000,0000,,this Send ID message that gives you the\Ndecryption key. But even if you block this
Dialogue: 0,0:23:14.94,0:23:22.54,Default,,0000,0000,0000,,message, just acquiring somebody's\Nlocation can already be intrusive enough.
Dialogue: 0,0:23:22.54,0:23:27.39,Default,,0000,0000,0000,,All right. Moving on to 3G security, or\Nrather extending on 3G security, since this
Dialogue: 0,0:23:27.39,0:23:34.92,Default,,0000,0000,0000,,already touched on 3G in a big way.\NYou remember the good old days where
Dialogue: 0,0:23:34.92,0:23:40.49,Default,,0000,0000,0000,,you could just intercept all phone calls\Nwith the Osmocom phone. Thank you, by the
Dialogue: 0,0:23:40.49,0:23:45.06,Default,,0000,0000,0000,,way, for that open source project that\Nhelped us so much over the years. And you
Dialogue: 0,0:23:45.06,0:23:52.85,Default,,0000,0000,0000,,combine that with the Kraken software to\Ndecrypt the phone call. So with a 20 year
Dialogue: 0,0:23:52.85,0:23:57.92,Default,,0000,0000,0000,,old vers of phone and the server you can\Nlisten to anybody's GSM calls as long as
Dialogue: 0,0:23:57.92,0:24:03.94,Default,,0000,0000,0000,,they're using the A5/1 cipher. Some\Nnetworks recently moved to A5/3.
Dialogue: 0,0:24:03.94,0:24:10.72,Default,,0000,0000,0000,,So it doesn't work this way anymore. Now,\Nhow does this compare to 3G security?
Dialogue: 0,0:24:10.72,0:24:16.04,Default,,0000,0000,0000,,As I've just shown, basically the same\Nattacks are possible. Instead of the
Dialogue: 0,0:24:16.04,0:24:21.42,Default,,0000,0000,0000,,Osmocom phone, we use a programmable radio,\Nsome more software, but again, very
Dialogue: 0,0:24:21.42,0:24:26.51,Default,,0000,0000,0000,,affordable, 400 euros or\Nsomething. And you combine that, using,
Dialogue: 0,0:24:26.51,0:24:34.41,Default,,0000,0000,0000,,instead of Kraken, SS7 queries.
So unless\Nwe fix SS7, 3G is no more secure than 2G Dialogue: 0,0:24:34.41,0:24:41.46,Default,,0000,0000,0000,,and neither is A5/3, the recent\Nupgrade of GSM because those keys are Dialogue: 0,0:24:41.46,0:24:50.50,Default,,0000,0000,0000,,again exposed over SS7. Now, some\Nnetworks, you don't even need that second Dialogue: 0,0:24:50.50,0:24:57.56,Default,,0000,0000,0000,,part, so they have bigger things to worry\Nabout and then SS7 attacks and our data Dialogue: 0,0:24:57.56,0:25:01.92,Default,,0000,0000,0000,,set isn't all that large. Some of you\Nprovided measurements through through a Dialogue: 0,0:25:01.92,0:25:07.26,Default,,0000,0000,0000,,software release last year. So thank you\Nvery much for that. And we have captures Dialogue: 0,0:25:07.26,0:25:14.62,Default,,0000,0000,0000,,from maybe 20, 25 countries out of those\Nfive having to use no 3G encryption at Dialogue: 0,0:25:14.62,0:25:21.20,Default,,0000,0000,0000,,all. Well, four countries. Five network\Noperators. Right. Which I find shocking. Dialogue: 0,0:25:21.20,0:25:26.25,Default,,0000,0000,0000,,Some of these even have encryption turned\Non on their GSM network and then forgot to Dialogue: 0,0:25:26.25,0:25:31.22,Default,,0000,0000,0000,,turn it on or deliberately left it out\Nbecause it's harder to intercept on the 3G Dialogue: 0,0:25:31.22,0:25:38.33,Default,,0000,0000,0000,,variant. Right. So those networks, as I \Nsaid, have much more, much more worrisome Dialogue: 0,0:25:38.33,0:25:45.35,Default,,0000,0000,0000,,issues than SS7 attacks. And they really\Nneed to be called out. And we do that with Dialogue: 0,0:25:45.35,0:25:49.66,Default,,0000,0000,0000,,an extension of a website that we've been\Nmaintaining for a couple of years, gsmmap, Dialogue: 0,0:25:49.66,0:25:55.86,Default,,0000,0000,0000,,big update of gsmmap launched today\Nwith all the 3G measurements, we, we Dialogue: 0,0:25:55.86,0:26:01.59,Default,,0000,0000,0000,,collected and you collected over the last\Ncouple of years. 
Now, some of you may have Dialogue: 0,0:26:01.59,0:26:07.95,Default,,0000,0000,0000,,used gsmmap before. The idea as to to rank\Noperators in the three categories. How Dialogue: 0,0:26:07.95,0:26:13.51,Default,,0000,0000,0000,,hard is it to intercept phone calls and\NSMS? Is it easy to impersonate a person Dialogue: 0,0:26:13.51,0:26:17.95,Default,,0000,0000,0000,,and then put charges on a bill, for\Ninstance, or receive the calls? How hard Dialogue: 0,0:26:17.95,0:26:22.76,Default,,0000,0000,0000,,is it to track them? And as you see, over\Nthe last years, networks have improved Dialogue: 0,0:26:22.76,0:26:31.22,Default,,0000,0000,0000,,their security, at least some, as always.\NGod. And as you also see, these are the 2G Dialogue: 0,0:26:31.22,0:26:39.05,Default,,0000,0000,0000,,networks, even the best secure 2G network.\NAnd in Germany anyway, in our opinion, is Dialogue: 0,0:26:39.05,0:26:44.45,Default,,0000,0000,0000,,less secure than the worst secured 3G\Nnetworks. These are for 3G networks, still Dialogue: 0,0:26:44.45,0:26:50.40,Default,,0000,0000,0000,,we want networks to implement all security\Nfeatures. And as you saw before, some Dialogue: 0,0:26:50.40,0:26:57.40,Default,,0000,0000,0000,,other countries don't have that luxury of\Nall 3G secure networks reasonably secure. Dialogue: 0,0:26:57.40,0:27:01.91,Default,,0000,0000,0000,,Not the first version of our metric is\Nvery crude and we want to improve upon Dialogue: 0,0:27:01.91,0:27:06.21,Default,,0000,0000,0000,,this over time. But currently how we\Ncalculate the score is we'll give ninety Dialogue: 0,0:27:06.21,0:27:10.78,Default,,0000,0000,0000,,percent of the points to anybody who\Nswitches on encryption. That's the main Dialogue: 0,0:27:10.78,0:27:16.33,Default,,0000,0000,0000,,security feature and the remaining 10\Npercent you earn by changing the TMSI Dialogue: 0,0:27:16.33,0:27:22.15,Default,,0000,0000,0000,,quickly. TMSI is what we needed for these\NSS7 attacks to work well. 
So if you keep Dialogue: 0,0:27:22.15,0:27:28.44,Default,,0000,0000,0000,,changing it, it really confuses the that\Nthe person trying to to haunt you also Dialogue: 0,0:27:28.44,0:27:32.56,Default,,0000,0000,0000,,this makes other types of attacks more\Ndifficult, will factor in a couple of more Dialogue: 0,0:27:32.56,0:27:38.99,Default,,0000,0000,0000,,values as we collect more data. But this\Nis it for now. So, yeah, big update on Dialogue: 0,0:27:38.99,0:27:43.88,Default,,0000,0000,0000,,gsmmap. If you haven't checked it out,\Ncheck out your country on gsmmap, read the Dialogue: 0,0:27:43.88,0:27:52.15,Default,,0000,0000,0000,,country report. So does a six page or so\Nreport, auto generated, that explains what Dialogue: 0,0:27:52.15,0:27:56.76,Default,,0000,0000,0000,,types of measurements we included into\Ninto these graphs and why we think they Dialogue: 0,0:27:56.76,0:28:01.53,Default,,0000,0000,0000,,they constitute certain risks. Maybe\Nforward it to to your network and say if Dialogue: 0,0:28:01.53,0:28:08.87,Default,,0000,0000,0000,,you're not improving, I'm going to change,\Nswitch to another network. Now, not Dialogue: 0,0:28:08.87,0:28:14.21,Default,,0000,0000,0000,,everything is on, on gsmmap yet because we\Ndon't have enough data. And there's one Dialogue: 0,0:28:14.21,0:28:19.08,Default,,0000,0000,0000,,problem in particular that I want to start\Nwarning about, because I really think Dialogue: 0,0:28:19.08,0:28:24.40,Default,,0000,0000,0000,,we're running into an issue here. And that\Nis the lengths of encryption key you saw Dialogue: 0,0:28:24.40,0:28:29.76,Default,,0000,0000,0000,,in the in the capture, in the video data\Nthat I showed that the key that came back Dialogue: 0,0:28:29.76,0:28:37.42,Default,,0000,0000,0000,,over SS7 was actually only 64bit from this\Nparticular network. And the SIM card that Dialogue: 0,0:28:37.42,0:28:41.44,Default,,0000,0000,0000,,was there was used in this attack, was\Nbought that very same week. 
So we recorded Dialogue: 0,0:28:41.44,0:28:46.04,Default,,0000,0000,0000,,this video last week. So it's the the most\Nrecent SIM card you can buy from this Dialogue: 0,0:28:46.04,0:28:51.34,Default,,0000,0000,0000,,network. And still it only uses 64 bit.\NAnd that, in my view, is incompatible with Dialogue: 0,0:28:51.34,0:28:57.71,Default,,0000,0000,0000,,what we have learned from from recent\NSnowden documents that the NSA in 2011, Dialogue: 0,0:28:57.71,0:29:06.15,Default,,0000,0000,0000,,2012 funded a project to break A5/3.\NThis is a 64 bit cipher. And we had Dialogue: 0,0:29:06.15,0:29:09.92,Default,,0000,0000,0000,,estimated at this very conference a year\Nago that you'd need about a million Dialogue: 0,0:29:09.92,0:29:14.76,Default,,0000,0000,0000,,dollars to break A5/3. Now, they\Ndid it a little bit earlier. So Moore's Dialogue: 0,0:29:14.76,0:29:19.30,Default,,0000,0000,0000,,Law, everything's more expensive and\Nprobably to have overhead, too. But they Dialogue: 0,0:29:19.30,0:29:25.00,Default,,0000,0000,0000,,spend apparently four billion pounds. I\Ndon't know why pound, not dollars, but it Dialogue: 0,0:29:25.00,0:29:31.20,Default,,0000,0000,0000,,may have been some GCHQ Corporation. So\Nfor four million pound a couple of years Dialogue: 0,0:29:31.20,0:29:36.79,Default,,0000,0000,0000,,ago, you could already break 64 bit crypto and\N64 bit is more prevalent in mobile Dialogue: 0,0:29:36.79,0:29:44.50,Default,,0000,0000,0000,,networks than you would have thought when\Nthey upgraded the GSM networks to A5/3. Dialogue: 0,0:29:44.50,0:29:49.34,Default,,0000,0000,0000,,They didn't actually upgraded it to UMTS\Nsecurity, as everybody claimed they did. Dialogue: 0,0:29:49.34,0:29:57.77,Default,,0000,0000,0000,,They upgraded it to the cipher used in\NUMTS with a key half the size. 
When Dialogue: 0,0:29:57.77,0:30:02.96,Default,,0000,0000,0000,,writing the A5/3 standards though, the \Npeople were smart enough to also put in Dialogue: 0,0:30:02.96,0:30:10.67,Default,,0000,0000,0000,,the real UMTS cipher with full key size, \Nthey called it A5/4 and it has never Dialogue: 0,0:30:10.67,0:30:15.03,Default,,0000,0000,0000,,been seen anywhere since. It's written in \Nthe standard. It was released the same day Dialogue: 0,0:30:15.03,0:30:20.96,Default,,0000,0000,0000,,that A5/3 was released. Nobody has ever\Nmoved to implement that. So GSM for the Dialogue: 0,0:30:20.96,0:30:26.05,Default,,0000,0000,0000,,time being is and will be vulnerable to\Nanybody. It was a one million dollar Dialogue: 0,0:30:26.05,0:30:30.91,Default,,0000,0000,0000,,machine in the basement. Certainly NSA,\Nbut more and more people as we move Dialogue: 0,0:30:30.91,0:30:34.57,Default,,0000,0000,0000,,forward. And what costs a million dollars\Ntoday, thanks to Moore's Law in a couple Dialogue: 0,0:30:34.57,0:30:40.87,Default,,0000,0000,0000,,of years, anybody can break it on a\Ncomputers like we today. Break the A5/1. Dialogue: 0,0:30:40.87,0:30:45.65,Default,,0000,0000,0000,,If your network uses certain older\NSIM cards, differentiation years between a Dialogue: 0,0:30:45.65,0:30:52.53,Default,,0000,0000,0000,,SIM card and a USIM as a UMTS SIM card.\NIf your network only uses SIM cards, then Dialogue: 0,0:30:52.53,0:30:59.59,Default,,0000,0000,0000,,even your 3G transactions are 64 bit\Nencrypted. So there is no way to generate Dialogue: 0,0:30:59.59,0:31:02.96,Default,,0000,0000,0000,,more entropy. You could query for two\Nkeys, I guess, but they weren't smart Dialogue: 0,0:31:02.96,0:31:10.73,Default,,0000,0000,0000,,enough to do that. So 64 bit encryption\Nfor UMTS and that's just not good enough. 
Dialogue: 0,0:31:10.73,0:31:15.31,Default,,0000,0000,0000,,And as I said, the network that we did\Nthe demo with we were surprised to see a
Dialogue: 0,0:31:15.31,0:31:20.70,Default,,0000,0000,0000,,64 bit key. We went back in our database\Nof SIM cards. We found a lot of SIM cards
Dialogue: 0,0:31:20.70,0:31:25.03,Default,,0000,0000,0000,,that have this problem. We want to add\Nthis to gsmmap, but we don't want to be
Dialogue: 0,0:31:25.03,0:31:29.21,Default,,0000,0000,0000,,unfair just because we see one very old SIM\Ncard in the network. We don't want to give
Dialogue: 0,0:31:29.21,0:31:32.99,Default,,0000,0000,0000,,them a low score versus somebody else,\Nwhere we only see a new card. So we need
Dialogue: 0,0:31:32.99,0:31:38.60,Default,,0000,0000,0000,,lots and lots of data. Help us collect\Nthose data and we'll make it public.
Dialogue: 0,0:31:38.60,0:31:44.34,Default,,0000,0000,0000,,Now, that's one reason why we stay on this\Nball and progress the research. The other
Dialogue: 0,0:31:44.34,0:31:49.40,Default,,0000,0000,0000,,main reason, and this is really what keeps\Nus awake at night is this question of
Dialogue: 0,0:31:49.40,0:31:57.12,Default,,0000,0000,0000,,how can we get out of the mess. We've been\Nproducing more and more problems. I should
Dialogue: 0,0:31:57.12,0:32:02.68,Default,,0000,0000,0000,,not say produce, we make you aware of more\Nand more problems over the years and we
Dialogue: 0,0:32:02.68,0:32:06.57,Default,,0000,0000,0000,,always criticize that at least many\Nnetworks do not respond to those. So we
Dialogue: 0,0:32:06.57,0:32:11.86,Default,,0000,0000,0000,,have to stockpile ever growing stockpile\Nof mobile security issues and nobody seems
Dialogue: 0,0:32:11.86,0:32:15.89,Default,,0000,0000,0000,,to be addressing. And all we do is wait\Nfor our networks to do something
Dialogue: 0,0:32:15.89,0:32:20.63,Default,,0000,0000,0000,,eventually. Now waiting's over for me, at\Nleast I'm impatient. I want to do
Dialogue: 0,0:32:20.63,0:32:25.79,Default,,0000,0000,0000,,something now and I want to address all\Nthese issues all at once. Those issues
Dialogue: 0,0:32:25.79,0:32:31.17,Default,,0000,0000,0000,,that we talked about for several years\Nnow, including the SIM card attacks from
Dialogue: 0,0:32:31.17,0:32:39.74,Default,,0000,0000,0000,,last year, silent SMS based tracking the\NSMS, the SS7 abuse discussed today,
Dialogue: 0,0:32:39.74,0:32:46.34,Default,,0000,0000,0000,,IMSI Catcher Vulnerabilities and\Ninsufficiently configured networks, 2G as
Dialogue: 0,0:32:46.34,0:32:53.25,Default,,0000,0000,0000,,well as 3G. All of these problems have one\Nthing in common. Your phone technically
Dialogue: 0,0:32:53.25,0:32:58.27,Default,,0000,0000,0000,,knows that these attacks are happening and\Nyour phone technically knows that a
Dialogue: 0,0:32:58.27,0:33:04.00,Default,,0000,0000,0000,,network is configured insecurely. But\Nunfortunately it's buried very deep inside
Dialogue: 0,0:33:04.00,0:33:07.87,Default,,0000,0000,0000,,the phone. It's buried inside the\Nbaseband. So as much as you can program
Dialogue: 0,0:33:07.87,0:33:12.26,Default,,0000,0000,0000,,Android, you don't get access to that\Ninformation. At least so we saw it and
Dialogue: 0,0:33:12.26,0:33:16.77,Default,,0000,0000,0000,,then we set out and just took the better\Npart of this year. We wanted to dig the
Dialogue: 0,0:33:16.77,0:33:21.02,Default,,0000,0000,0000,,information out from these phones. It's\Nsomewhere in there. There must be some way
Dialogue: 0,0:33:21.02,0:33:27.32,Default,,0000,0000,0000,,to hack it out of it. And we found debug\Npossibilities for Qualcomm chipsets, just
Dialogue: 0,0:33:27.32,0:33:31.31,Default,,0000,0000,0000,,one vendor, but extremely popular. Right\Nnow. They seem to be in every LTE phone
Dialogue: 0,0:33:31.31,0:33:36.81,Default,,0000,0000,0000,,and in a bunch of other phones. And we\Nfound, we found ways of producing exactly
Dialogue: 0,0:33:36.81,0:33:42.54,Default,,0000,0000,0000,,all the data on the right hand side to\Nmake it accessible through an Android
Dialogue: 0,0:33:42.54,0:33:48.06,Default,,0000,0000,0000,,application. And we also wrote an\Napplication for you. So: Release today.
Dialogue: 0,0:33:48.06,0:33:57.70,Default,,0000,0000,0000,,{\i1}Applause{\i0}
Dialogue: 0,0:33:57.70,0:34:05.14,Default,,0000,0000,0000,,Thank you, released today, SnoopSnitch\Nunder GPL. A tool that collects all the
Dialogue: 0,0:34:05.14,0:34:09.86,Default,,0000,0000,0000,,baseband information mostly to keep it\Non the phone and run some analysis on it,
Dialogue: 0,0:34:09.86,0:34:15.32,Default,,0000,0000,0000,,warn you about, as I said, SIM card\Nattacks, but also those SS7 attacks that
Dialogue: 0,0:34:15.32,0:34:19.75,Default,,0000,0000,0000,,Tobias and I talked about today. How do\Nyou take those those attacks? Well, by the
Dialogue: 0,0:34:19.75,0:34:24.82,Default,,0000,0000,0000,,pagings, I showed you in the video\Nthat every time we send certain queries to
Dialogue: 0,0:34:24.82,0:34:30.17,Default,,0000,0000,0000,,the phone, to, over SS7, that the phone\Nactually also receives information useful
Dialogue: 0,0:34:30.17,0:34:35.12,Default,,0000,0000,0000,,for the attacker. Also useful for the\Ndefender. If those empty pagings, we call
Dialogue: 0,0:34:35.12,0:34:38.99,Default,,0000,0000,0000,,them, are received by the phone, strong\Nevidence that somebody is messing with you
Dialogue: 0,0:34:38.99,0:34:46.89,Default,,0000,0000,0000,,over SS7. Right. So it collects all that\Ninformation and it produces warnings. You
Dialogue: 0,0:34:46.89,0:34:52.62,Default,,0000,0000,0000,,can also upload information issues, so you\Nchoose. It's optional of course, it runs,
Dialogue: 0,0:34:52.62,0:34:57.31,Default,,0000,0000,0000,,as I said, on a bunch of Android phones\Nthat are currently popular. It requires a
Dialogue: 0,0:34:57.31,0:35:01.60,Default,,0000,0000,0000,,somewhat recent Android version we haven't\Ntested with Android 5 yet, but I don't
Dialogue: 0,0:35:01.60,0:35:05.17,Default,,0000,0000,0000,,see why it wouldn't work, though. We just\Nhave to put the time and your phone needs
Dialogue: 0,0:35:05.17,0:35:11.24,Default,,0000,0000,0000,,to be rooted. So we have access to a\Ncertain interface that otherwise is not
Dialogue: 0,0:35:11.24,0:35:16.27,Default,,0000,0000,0000,,accessible. And it needs of course, a\NQualcomm chipset, which, as you see by
Dialogue: 0,0:35:16.27,0:35:21.65,Default,,0000,0000,0000,,this list, is in most current flagship\Nphones. It's on Google Play right now. So
Dialogue: 0,0:35:21.65,0:35:29.08,Default,,0000,0000,0000,,download it if you're interested. Now, how\Ndoes this tool work? One example only, of
Dialogue: 0,0:35:29.08,0:35:34.50,Default,,0000,0000,0000,,course, right, read the source code if you\Nif you want to know the rest. If you, for
Dialogue: 0,0:35:34.50,0:35:38.75,Default,,0000,0000,0000,,instance, IMSI catcher detection. There\Nhave been a bunch of tools so far to do
Dialogue: 0,0:35:38.75,0:35:43.98,Default,,0000,0000,0000,,IMSI catcher detection. The one we released\Na couple of years ago was called CatcherCatcher,
Dialogue: 0,0:35:43.98,0:35:49.74,Default,,0000,0000,0000,,but it had two limitations. One\Npractical, one more bound to experience.
Dialogue: 0,0:35:49.74,0:35:54.79,Default,,0000,0000,0000,,The practical limitation was that it ran\Non Osmocom phones and Osmocom phones can't
Dialogue: 0,0:35:54.79,0:35:59.12,Default,,0000,0000,0000,,do most phone functionality. So always\Nyour second phone? And it had to be
Dialogue: 0,0:35:59.12,0:36:03.35,Default,,0000,0000,0000,,connected to a computer. So very unlikely\Nthat you carried this around all the time.
Dialogue: 0,0:36:03.35,0:36:07.41,Default,,0000,0000,0000,,And we wanted to move it onto a real phone\Nthat you can use onto your phone. Right? I
Dialogue: 0,0:36:07.41,0:36:11.69,Default,,0000,0000,0000,,think we succeeded in that. The second\Nlimitation was that we really didn't know
Dialogue: 0,0:36:11.69,0:36:16.44,Default,,0000,0000,0000,,how IMSI catchers behaved or we also\Ndidn't know how real networks behaved. And
Dialogue: 0,0:36:16.44,0:36:20.64,Default,,0000,0000,0000,,thanks to all the data on gsmmap, we think\Nwe have a much better understanding now of
Dialogue: 0,0:36:20.64,0:36:24.88,Default,,0000,0000,0000,,all the weird corner cases, how real\Nnetworks behave and created a much better
Dialogue: 0,0:36:24.88,0:36:32.89,Default,,0000,0000,0000,,ruleset for for an Android based catcher\Ncatcher tool now. And the rules go in two
Dialogue: 0,0:36:32.89,0:36:37.11,Default,,0000,0000,0000,,categories. One is the configuration of\Nthe of these different cells. For
Dialogue: 0,0:36:37.11,0:36:41.76,Default,,0000,0000,0000,,instance, the lack of encryption when, you\Nknow, from the gsmmap database that this
Dialogue: 0,0:36:41.76,0:36:46.47,Default,,0000,0000,0000,,network does usually support encryption,\Nthat's a big red flag. Also certain other
Dialogue: 0,0:36:46.47,0:36:51.18,Default,,0000,0000,0000,,configurations. So that's a configuration\Nof the network, the adjusted behavior and
Dialogue: 0,0:36:51.18,0:36:53.80,Default,,0000,0000,0000,,the IMSI catcher wants to get\Ninformation out from you at the very
Dialogue: 0,0:36:53.80,0:36:58.29,Default,,0000,0000,0000,,least, the IMSI, of course, it's in the\Nname. Right. So that suspicious behavior
Dialogue: 0,0:36:58.29,0:37:04.96,Default,,0000,0000,0000,,now, none of these things taken by\Nthemselves did allow you to detect an
Dialogue: 0,0:37:04.96,0:37:09.86,Default,,0000,0000,0000,,IMSI catcher. So we compute score over\Nthese different events, doing stream
Dialogue: 0,0:37:09.86,0:37:14.83,Default,,0000,0000,0000,,analysis on everything that happens on\Nyour phone and eventually then come out
Dialogue: 0,0:37:14.83,0:37:20.82,Default,,0000,0000,0000,,with a warning. If the score crosses a\Ncertain threshold, there's a bunch more we
Dialogue: 0,0:37:20.82,0:37:25.03,Default,,0000,0000,0000,,would have wanted to include that's even\Non a Qualcomm chipset in its debug mode
Dialogue: 0,0:37:25.03,0:37:29.96,Default,,0000,0000,0000,,not available. So this is still ongoing work\Nas these chipsets progress and may give
Dialogue: 0,0:37:29.96,0:37:37.17,Default,,0000,0000,0000,,us more information in the future. Now, if\Nyou do find alerts, let's call them alarms
Dialogue: 0,0:37:37.17,0:37:41.04,Default,,0000,0000,0000,,on your phone. We'd be grateful if you\Ncould share them. Now, as I said, this is
Dialogue: 0,0:37:41.04,0:37:48.08,Default,,0000,0000,0000,,optional, right? You get you get the\Nalerts shown in shown in your little tool
Dialogue: 0,0:37:48.08,0:37:52.73,Default,,0000,0000,0000,,and then you can choose to upload\Nwhichever ones you think should be shared
Dialogue: 0,0:37:52.73,0:37:59.70,Default,,0000,0000,0000,,if we get enough of them and and think\Nthat there's really hot spots of of of
Dialogue: 0,0:37:59.70,0:38:03.42,Default,,0000,0000,0000,,abuse, of course, we'll try to make that\Ntransparent, perhaps even put little dots
Dialogue: 0,0:38:03.42,0:38:07.95,Default,,0000,0000,0000,,on the GSM website so people know where\Nabuse could be happening around
Dialogue: 0,0:38:07.95,0:38:20.37,Default,,0000,0000,0000,,demonstrations, around embassies, wherever.\N{\i1}Applause{\i0}
Dialogue: 0,0:38:20.37,0:38:23.41,Default,,0000,0000,0000,,You can also actively choose to
Dialogue: 0,0:38:23.41,0:38:28.09,Default,,0000,0000,0000,,submit data by by running an active test\Nnow usually the phone looks at everything
Dialogue: 0,0:38:28.09,0:38:32.37,Default,,0000,0000,0000,,that you produce, your phone calls, your\NSMS that's always stored on the phone.
Dialogue: 0,0:38:32.37,0:38:37.88,Default,,0000,0000,0000,,There's no way to upload that. And you\Ncompute a score for how secure your
Dialogue: 0,0:38:37.88,0:38:42.41,Default,,0000,0000,0000,,network is using the exact same metrics\Nthat we use on gsmmap. So that's all
Dialogue: 0,0:38:42.41,0:38:47.41,Default,,0000,0000,0000,,ported to the phone now. But if you feel\Nlike the score on gsmmap is heavily outdated,
Dialogue: 0,0:38:47.41,0:38:51.86,Default,,0000,0000,0000,,click this button. It runs some benign tests,\Nhas nothing to do with your transactions. I
Dialogue: 0,0:38:51.86,0:38:55.64,Default,,0000,0000,0000,,guess your location where you're currently\Nconnected would be included in the data
Dialogue: 0,0:38:55.64,0:39:02.03,Default,,0000,0000,0000,,and it uploads it to gsmmap. So that\Nbecomes better and better. And we can spot
Dialogue: 0,0:39:02.03,0:39:09.78,Default,,0000,0000,0000,,more networks that, for instance, lack any\Nencryption at all. Yeah, so what's what
Dialogue: 0,0:39:09.78,0:39:15.37,Default,,0000,0000,0000,,what are you what I like you to do, I\Nthink you should do to better protect
Dialogue: 0,0:39:15.37,0:39:20.08,Default,,0000,0000,0000,,yourself from mobile abuse, of course you\Ncould keep waiting for your mobile
Dialogue: 0,0:39:20.08,0:39:24.90,Default,,0000,0000,0000,,networks to fix all these issues, which I\Nmust say more recently, more networks have
Dialogue: 0,0:39:24.90,0:39:30.15,Default,,0000,0000,0000,,moved to fix issues, but still not the\Nmajority. And no network has even started
Dialogue: 0,0:39:30.15,0:39:35.55,Default,,0000,0000,0000,,to address the majority of issues. So it's\Njust scratching the surface. So what I'd
Dialogue: 0,0:39:35.55,0:39:41.77,Default,,0000,0000,0000,,rather have you do is start defending\Nyourself. Check out gsmmap, see if you
Dialogue: 0,0:39:41.77,0:39:45.80,Default,,0000,0000,0000,,are on a network that generally protects\Nthings like encryption. You saw the
Dialogue: 0,0:39:45.80,0:39:51.75,Default,,0000,0000,0000,,networks that lack encryption. Don't use\Nthose. And if you really choose to self
Dialogue: 0,0:39:51.75,0:39:58.24,Default,,0000,0000,0000,,defense, download, SnoopSnitch, this new\Ntool and actively look out for abuse, for
Dialogue: 0,0:39:58.24,0:40:03.08,Default,,0000,0000,0000,,Silent SMS, binary SMS that you receive,\Nfor empty pagings, for IMSI catcher
Dialogue: 0,0:40:03.08,0:40:10.49,Default,,0000,0000,0000,,evidence and help us grow this database of\Nabuse. Right. Also help us grow the
Dialogue: 0,0:40:10.49,0:40:15.72,Default,,0000,0000,0000,,tool base that we use. This is released\Nopen source and we put in a lot of work to
Dialogue: 0,0:40:15.72,0:40:20.71,Default,,0000,0000,0000,,make the data accessible. But now it is\Naccessible, right? Just take it as a
Dialogue: 0,0:40:20.71,0:40:26.92,Default,,0000,0000,0000,,library and go wild with it. Do whatever\Nyou always wanted to do with raw baseband
Dialogue: 0,0:40:26.92,0:40:34.30,Default,,0000,0000,0000,,data on 2G, 3G, 4G. I am very much looking\Nforward to your contributions to this and
Dialogue: 0,0:40:34.30,0:40:37.72,Default,,0000,0000,0000,,all that's left for me to say is thank you\Nvery much.
Dialogue: 0,0:40:37.72,0:40:47.57,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:40:47.57,0:40:57.24,Default,,0000,0000,0000,,Herald: Thank you, Karsten, then we will\Nbegin with the Q&A, please, for
Dialogue: 0,0:40:57.24,0:41:03.59,Default,,0000,0000,0000,,everybody that will be asking questions,\Nplease line up on the microphones in the
Dialogue: 0,0:41:03.59,0:41:13.66,Default,,0000,0000,0000,,room and for people that exit the room,\Nplease do it with no noise and quickly.
Dialogue: 0,0:41:13.66,0:41:17.39,Default,,0000,0000,0000,,Karsten: Now, before getting into the\Nquestion, let me give you one reason to
Dialogue: 0,0:41:17.39,0:41:22.52,Default,,0000,0000,0000,,actually do leave now. There's a workshop\Nhappening right now or in a few minutes
Dialogue: 0,0:41:22.52,0:41:27.85,Default,,0000,0000,0000,,that will explain how this tool works and\Nwhat it can all do. We'll have an IMSI
Dialogue: 0,0:41:27.85,0:41:31.24,Default,,0000,0000,0000,,catcher there a day or so. You can tell us\Nhow that feels like being connected to an
Dialogue: 0,0:41:31.24,0:41:36.21,Default,,0000,0000,0000,,IMSI catcher. It's happening in room C,\Nwhich is when you exit here one floor
Dialogue: 0,0:41:36.21,0:41:41.75,Default,,0000,0000,0000,,down and to this end.\NHerald: And additional information, the
Dialogue: 0,0:41:41.75,0:41:51.41,Default,,0000,0000,0000,,workshop that Karsten says starts at\Nnineteen forty five.
Dialogue: 0,0:41:51.41,0:42:00.05,Default,,0000,0000,0000,,K: And now to your questions.\N{\i1} distant noise {\i0}
Dialogue: 0,0:42:00.05,0:42:04.80,Default,,0000,0000,0000,,K: Sure.\NHerald: OK, microphone number two and
Dialogue: 0,0:42:04.80,0:42:10.46,Default,,0000,0000,0000,,please, before before we before you can\Nstart number two, please do it with no
Dialogue: 0,0:42:10.46,0:42:19.27,Default,,0000,0000,0000,,noise that we hear the question from the\Naudience. OK, number two, please.
Dialogue: 0,0:42:19.27,0:42:23.26,Default,,0000,0000,0000,,Mic 2: Thank you. Can you quickly say a\Nfew words about why it wouldn't work on
Dialogue: 0,0:42:23.26,0:42:27.61,Default,,0000,0000,0000,,custom ROMs? Because we could just install\Nit into cyanogen phones and apparently
Dialogue: 0,0:42:27.61,0:42:34.75,Default,,0000,0000,0000,,installed and it seems to work.\NK: Oh, OK. So the way I understood custom
Dialogue: 0,0:42:34.75,0:42:38.92,Default,,0000,0000,0000,,ROMs is that they first remove a bunch of\Nstuff from the phone and then put a bunch
Dialogue: 0,0:42:38.92,0:42:44.02,Default,,0000,0000,0000,,of stuff on it. Part of what we need are\Nthese proprietary Qualcomm libraries and
Dialogue: 0,0:42:44.02,0:42:47.05,Default,,0000,0000,0000,,at least on the phones where we tried\Ncyanogen mod and what they are being
Dialogue: 0,0:42:47.05,0:42:51.73,Default,,0000,0000,0000,,removed. So if cyanogen mod could stop\Ndoing that, it would work beautifully.
Dialogue: 0,0:42:51.73,0:42:56.43,Default,,0000,0000,0000,,It's not that we need anything additional.\NWe just need less to be deleted.
Dialogue: 0,0:42:56.43,0:43:04.29,Default,,0000,0000,0000,,Mic 2: OK, thank you.\NHerald: OK. Microphone number …, will you
Dialogue: 0,0:43:04.29,0:43:09.76,Default,,0000,0000,0000,,ask. OK, are there some questions from the\NIRC?
Dialogue: 0,0:43:09.76,0:43:16.09,Default,,0000,0000,0000,,K: I think we have a bunch of questions.\NSignal Angel: Actually, there is five
Dialogue: 0,0:43:16.09,0:43:24.03,Default,,0000,0000,0000,,questions, so I will just ask one or two\Nfor starting. The first one is, can all
Dialogue: 0,0:43:24.03,0:43:30.69,Default,,0000,0000,0000,,these shown attacks that you proved on\Nyour speech be mitigated by… by higher
Dialogue: 0,0:43:30.69,0:43:37.30,Default,,0000,0000,0000,,protocols levels, like encrypted VoIP or\NTextSecure, things like that? And what
Dialogue: 0,0:43:37.30,0:43:41.91,Default,,0000,0000,0000,,will be the residual risks?\NK: Mm, yeah. A good question. So how much
Dialogue: 0,0:43:41.91,0:43:46.74,Default,,0000,0000,0000,,can you protect yourself by using the\Nmobile network less on using it as a dumb
Dialogue: 0,0:43:46.74,0:43:52.71,Default,,0000,0000,0000,,pipe, I guess is the question, what if you\Nuse just apps to call and send text? Well,
Dialogue: 0,0:43:52.71,0:43:59.09,Default,,0000,0000,0000,,obviously your calls and texts won't be\Nintercepted anymore if they are encrypted
Dialogue: 0,0:43:59.09,0:44:04.56,Default,,0000,0000,0000,,one more time in a way that's not\Nbreakable. However, this does not solve
Dialogue: 0,0:44:04.56,0:44:09.10,Default,,0000,0000,0000,,the location tracking. It does not solve\Nthe fraud. It does not solve the denial of
Dialogue: 0,0:44:09.10,0:44:13.79,Default,,0000,0000,0000,,service. It does not solve the spamming.\NSo you are tied to a mobile network and it
Dialogue: 0,0:44:13.79,0:44:18.14,Default,,0000,0000,0000,,has a lot of control over you, your\Nlocation and your phone bill. None of that
Dialogue: 0,0:44:18.14,0:44:25.59,Default,,0000,0000,0000,,is going to go away.\NHerald: Another question from the IRC, one.
Dialogue: 0,0:44:25.59,0:44:33.38,Default,,0000,0000,0000,,Signal Angel: Yeah, um, the second one is:\NWouldn't it be easier to design from
Dialogue: 0,0:44:33.38,0:44:39.90,Default,,0000,0000,0000,,scratch a new mobile mobile network than\Ntrying to find all flaws from actual
Dialogue: 0,0:44:39.90,0:44:45.08,Default,,0000,0000,0000,,networks, which is an endless task?\NK: Or I don't know where you would even
Dialogue: 0,0:44:45.08,0:44:49.77,Default,,0000,0000,0000,,start designing everything from scratch\Ncompletely? The closest that I can think
Dialogue: 0,0:44:49.77,0:44:54.28,Default,,0000,0000,0000,,of designing the mobile network from\Nscratch is LTE in the name of long term
Dialogue: 0,0:44:54.28,0:44:58.50,Default,,0000,0000,0000,,evolution. It really wants to change\Neverything, but gives it a couple of years
Dialogue: 0,0:44:58.50,0:45:02.69,Default,,0000,0000,0000,,but as Tobias pointed out, those\Nissues we pointed out today, they are
Dialogue: 0,0:45:02.69,0:45:08.22,Default,,0000,0000,0000,,again included in LTE. Diameter is the\Ninterconnect protocol. So we already
Dialogue: 0,0:45:08.22,0:45:13.41,Default,,0000,0000,0000,,missed a chance to to remove much of these\Nissues by just upgrade. We'll have to fix
Dialogue: 0,0:45:13.41,0:45:18.95,Default,,0000,0000,0000,,it through firewalls and monitoring like\Nwe never got to update the Internet.
Dialogue: 0,0:45:18.95,0:45:22.54,Default,,0000,0000,0000,,Herald: OK, microphone number four,\Nplease.
Dialogue: 0,0:45:22.54,0:45:27.62,Default,,0000,0000,0000,,Mic 4: Yet just a short thing. Could you\Njust provide a list of those libraries
Dialogue: 0,0:45:27.62,0:45:35.63,Default,,0000,0000,0000,,you need from the stock images? So I think\Nit's pretty easy to copy them to this
Dialogue: 0,0:45:35.63,0:45:38.48,Default,,0000,0000,0000,,cyanogen mod images.\NK: Ok
Dialogue: 0,0:45:38.48,0:45:40.52,Default,,0000,0000,0000,,Mic 4: OK, and if the app is open source,
Dialogue: 0,0:45:40.52,0:45:45.90,Default,,0000,0000,0000,,maybe you can put it on fdroid?\NK: Oh absolutely. Yes. Thank you.
Dialogue: 0,0:45:45.90,0:45:50.97,Default,,0000,0000,0000,,{\i1}applause{\i0}\NHerald: The microphone number two, please.
Dialogue: 0,0:45:50.97,0:45:57.56,Default,,0000,0000,0000,,Mic 2: Got two questions, if I understood\Ncorrectly, you need to be inside the
Dialogue: 0,0:45:57.56,0:46:02.35,Default,,0000,0000,0000,,operator network to actually\Nperform those SS7 queries, right?
Dialogue: 0,0:46:02.35,0:46:08.03,Default,,0000,0000,0000,,K: Um, well, I would I would like for this\Nto be the case. But currently, does
Dialogue: 0,0:46:08.03,0:46:12.02,Default,,0000,0000,0000,,anybody in the world connected to SS7 can\Nsend his queries.
Dialogue: 0,0:46:12.02,0:46:17.96,Default,,0000,0000,0000,,Mic 2: OK, so my question is that what was\Nyour hook point for actually doing this
Dialogue: 0,0:46:17.96,0:46:20.89,Default,,0000,0000,0000,,test?\NK: I think I'll quote Tobias here by
Dialogue: 0,0:46:20.89,0:46:23.42,Default,,0000,0000,0000,,saying I would rather not say anything\Nabout that.
Dialogue: 0,0:46:23.42,0:46:29.80,Default,,0000,0000,0000,,Mic 2: OK, so the second question is about\Nthe case you mentioned it's if I am not Dialogue: 0,0:46:29.80,0:46:37.84,Default,,0000,0000,0000,,mistaken, is the session key. Right? It's and\Nit should involve that nonce value, right? Dialogue: 0,0:46:37.84,0:46:42.85,Default,,0000,0000,0000,,K: Yeah.\NMic 2: So if it is, it already has the nonce Dialogue: 0,0:46:42.85,0:46:48.13,Default,,0000,0000,0000,,value. So in order the attack to work, we\Nalso need to intercept the initial Dialogue: 0,0:46:48.13,0:46:54.93,Default,,0000,0000,0000,,messages, the nonce exchange between the\Ntarget and the basis station. Is that Dialogue: 0,0:46:54.93,0:46:59.46,Default,,0000,0000,0000,,correct?\NK: No, the nonce is… as as they are. So Dialogue: 0,0:46:59.46,0:47:05.66,Default,,0000,0000,0000,,the SIM card knows which key to produce.\N{\i1}Yes.{\i0} But it helps the phone to find the Dialogue: 0,0:47:05.66,0:47:09.78,Default,,0000,0000,0000,,right encryption key. We are not the\Nphone. We don't have the SIM card. {\i1}Right.{\i0} Dialogue: 0,0:47:09.78,0:47:12.60,Default,,0000,0000,0000,,If you just give us the encryption key, \Nwe don't need the nonce. Dialogue: 0,0:47:12.60,0:47:18.70,Default,,0000,0000,0000,,Mic 2: Yes. So what you're saying is that\Nthe query you're sending there, it Dialogue: 0,0:47:18.70,0:47:25.91,Default,,0000,0000,0000,,actually sends you not only the encryption\Nkey, but also the nonce that is required.. Dialogue: 0,0:47:25.91,0:47:30.03,Default,,0000,0000,0000,,K: It doesn't send us the nonce and we\Ndon't need the nonce. We can take that Dialogue: 0,0:47:30.03,0:47:32.43,Default,,0000,0000,0000,,offline now, explain how everything works.\NThank you. Dialogue: 0,0:47:32.43,0:47:35.78,Default,,0000,0000,0000,,Herald: To microphone number three,\Nplease. 
Dialogue: 0,0:47:35.78,0:47:40.68,Default,,0000,0000,0000,,Mic 3: First of all, thank you for a very\Ngood presentation and very impressive work Dialogue: 0,0:47:40.68,0:47:45.33,Default,,0000,0000,0000,,you've done here.\N{\i1}applause{\i0} Dialogue: 0,0:47:45.33,0:47:50.05,Default,,0000,0000,0000,,K: Thank you.\NMic 3: The question I have might be a Dialogue: 0,0:47:50.05,0:47:55.09,Default,,0000,0000,0000,,little naive, but have you also, besides\Ntaking a look at this closing this whole Dialogue: 0,0:47:55.09,0:48:00.63,Default,,0000,0000,0000,,issue technically wise, also been taking a\Nlook into how what measures can be taken Dialogue: 0,0:48:00.63,0:48:04.90,Default,,0000,0000,0000,,legally, at least in Germany and some\Ncountries in Europe now that we have Dialogue: 0,0:48:04.90,0:48:11.43,Default,,0000,0000,0000,,disclosed that basically certain rules /\Nlaws have not been fulfilled, that we can Dialogue: 0,0:48:11.43,0:48:15.95,Default,,0000,0000,0000,,enforce the operators to implement this\Nstuff on legal ways? Dialogue: 0,0:48:15.95,0:48:21.42,Default,,0000,0000,0000,,K: We have not looked into it. Of course,\Nwe consider the possibility as soon as Dialogue: 0,0:48:21.42,0:48:25.47,Default,,0000,0000,0000,,somebody has an overview of where these\Nattacks happen. And that seems to be the Dialogue: 0,0:48:25.47,0:48:31.14,Default,,0000,0000,0000,,issue right now. There's zero attack\Ntransparency. Nobody is looking for these Dialogue: 0,0:48:31.14,0:48:38.30,Default,,0000,0000,0000,,issues. And partly that's to the to their\Nown disbenefit, because as soon as they do Dialogue: 0,0:48:38.30,0:48:43.19,Default,,0000,0000,0000,,look for this issue, some of these attack\Npatterns are very easy to stop, as I said, Dialogue: 0,0:48:43.19,0:48:49.66,Default,,0000,0000,0000,,two German networks, mitigated them within\Ntwo weeks. And these issues had been open Dialogue: 0,0:48:49.66,0:48:54.51,Default,,0000,0000,0000,,for 20 years. 
Had they ever looked into\Ntheir own data, that would have seen this Dialogue: 0,0:48:54.51,0:49:00.06,Default,,0000,0000,0000,,going on. So I'm not very confident that\Nanybody in Germany at least has an Dialogue: 0,0:49:00.06,0:49:04.65,Default,,0000,0000,0000,,overview of where abuse would come from.\NAnd as soon as it does, I don't think Dialogue: 0,0:49:04.65,0:49:10.31,Default,,0000,0000,0000,,there's much point in litigating. Let's\Njust stop the possibility of abuse. Right, Dialogue: 0,0:49:10.31,0:49:14.99,Default,,0000,0000,0000,,instead of complaining about it happening.\NBut I'm with you. If there's corner cases Dialogue: 0,0:49:14.99,0:49:19.66,Default,,0000,0000,0000,,in which abuse just can't be stopped,\Nlet's fight it legally, of course. Right. Dialogue: 0,0:49:19.66,0:49:24.85,Default,,0000,0000,0000,,And if all of you contribute information\Nthrough SnoopSearch, does the empty Dialogue: 0,0:49:24.85,0:49:29.56,Default,,0000,0000,0000,,pagings, if we can find patterns of\Nabuse, of course, we'll aggregate them and Dialogue: 0,0:49:29.56,0:49:36.68,Default,,0000,0000,0000,,try to move against them.\NHerald: OK, microphone number four, Dialogue: 0,0:49:36.68,0:49:40.74,Default,,0000,0000,0000,,please.\NMic 4: You said you can buy your way into Dialogue: 0,0:49:40.74,0:49:46.79,Default,,0000,0000,0000,,the SS7 Network, but how easy is it\Nactually to get your access? And what do Dialogue: 0,0:49:46.79,0:49:50.69,Default,,0000,0000,0000,,you estimate: How many players are \Nthere in the network? Can you give any Dialogue: 0,0:49:50.69,0:49:54.31,Default,,0000,0000,0000,,estimation?\NK: I have absolutely no idea. 
I know that Dialogue: 0,0:49:54.31,0:50:01.76,Default,,0000,0000,0000,,there's some 800 companies who who are\Nlegally allowed to access SS7 and then Dialogue: 0,0:50:01.76,0:50:06.86,Default,,0000,0000,0000,,those, of course, have subcontractors,\Nlegal and illegal, and some people who Dialogue: 0,0:50:06.86,0:50:11.19,Default,,0000,0000,0000,,bribe them. Yet other people who hack\Ntheir systems or the systems of the Dialogue: 0,0:50:11.19,0:50:14.92,Default,,0000,0000,0000,,subcontractors, it's very hard to\Nestimate. No idea. But definitely too many Dialogue: 0,0:50:14.92,0:50:18.65,Default,,0000,0000,0000,,to trust all of them.\NMic 4: And would it be possible for me to Dialogue: 0,0:50:18.65,0:50:25.71,Default,,0000,0000,0000,,get access to this without any operator\Nstuff or. I don't want to operate a phone Dialogue: 0,0:50:25.71,0:50:31.30,Default,,0000,0000,0000,,network, but I want to have access because\NI want to provide a service, some service? Dialogue: 0,0:50:31.30,0:50:35.67,Default,,0000,0000,0000,,K: Well, I wish the answer was no, but of\Ncourse, right of to be as an I and a bunch Dialogue: 0,0:50:35.67,0:50:40.91,Default,,0000,0000,0000,,of other people can get access. You should\Nbe able to get that too. But I'm not going Dialogue: 0,0:50:40.91,0:50:44.60,Default,,0000,0000,0000,,to tell you how.\N{\i1}laughter and applause{\i0} Dialogue: 0,0:50:44.60,0:50:51.68,Default,,0000,0000,0000,,Herald: Yet another question from the IRC.\NSignal Angel: We're about nine questions, Dialogue: 0,0:50:51.68,0:50:58.20,Default,,0000,0000,0000,,so no problem for me. First one, what\Nabout Windows phones, jail breaked Dialogue: 0,0:50:58.20,0:51:04.89,Default,,0000,0000,0000,,iPhones, or something like this will the\Napp in the end [be] on this phones? 
Dialogue: 0,0:51:04.89,0:51:11.25,Default,,0000,0000,0000,,K: Our app doesn't run on anything other\Nthan Android, but the chipsets are, of Dialogue: 0,0:51:11.25,0:51:16.67,Default,,0000,0000,0000,,course, the same. So if you can speak to a\Nchipset through a jail broken iPhone, for Dialogue: 0,0:51:16.67,0:51:22.07,Default,,0000,0000,0000,,instance, you could create a similar\Napplication. We just wanted to target the Dialogue: 0,0:51:22.07,0:51:25.99,Default,,0000,0000,0000,,biggest population of phones, and that\Nseems to be Android phones. Dialogue: 0,0:51:25.99,0:51:33.16,Default,,0000,0000,0000,,Herald: Then number two, please.\NMic 2: One further thought on self-defense Dialogue: 0,0:51:33.16,0:51:41.11,Default,,0000,0000,0000,,as self-defense has don't has to be\Nproportionate, I think, and identities are Dialogue: 0,0:51:41.11,0:51:46.77,Default,,0000,0000,0000,,not secure in the digital sphere. How\Nabout developing some proactive, as we Dialogue: 0,0:51:46.77,0:51:52.82,Default,,0000,0000,0000,,heard the word defense tools?\NK: Proactive as in hack the networks, Dialogue: 0,0:51:52.82,0:51:59.01,Default,,0000,0000,0000,,until they have no chance but to fix?\NMic 2: That's what you understood, but. Dialogue: 0,0:51:59.01,0:52:03.01,Default,,0000,0000,0000,,But, I support that. {\i1} laughter {\i0}\NK: I'm not going to say that I dislike the Dialogue: 0,0:52:03.01,0:52:07.62,Default,,0000,0000,0000,,idea. But you won't see me here next year\Nexplaining how I did it. Dialogue: 0,0:52:07.62,0:52:11.69,Default,,0000,0000,0000,,Mic 2: Thank you.\NHerald: Microphone number three, please. Dialogue: 0,0:52:11.69,0:52:17.07,Default,,0000,0000,0000,,OK. When did you check the other two\NGerman networks didn't fix the identifier Dialogue: 0,0:52:17.07,0:52:21.80,Default,,0000,0000,0000,,and the issue.\NK. Which network do you work for? Dialogue: 0,0:52:21.80,0:52:27.78,Default,,0000,0000,0000,,Mic 2: I'm Holger. We talked last week.\NK: Yeah. So yeah. 
Maybe you fixed it too. Dialogue: 0,0:52:27.78,0:52:30.93,Default,,0000,0000,0000,,We didn't, we didn't check.\NMic 2: We fixed it within 24 hour, 24 Dialogue: 0,0:52:30.93,0:52:34.59,Default,,0000,0000,0000,,hours after our call.\NK: Wow. OK. Dialogue: 0,0:52:34.59,0:52:38.30,Default,,0000,0000,0000,,Mic 2: On both networks.\N{\i1}applause{\i0} Dialogue: 0,0:52:38.30,0:52:44.43,Default,,0000,0000,0000,,Thank you. Better late than never. Thank\Nyou. Dialogue: 0,0:52:44.43,0:52:47.32,Default,,0000,0000,0000,,Mic 2: That's right.\NK: OK, so that's three out of four now, Dialogue: 0,0:52:47.32,0:52:52.61,Default,,0000,0000,0000,,that fix one out of 100 problems.\NMic 2: No, it's… I know that's why we Dialogue: 0,0:52:52.61,0:52:59.61,Default,,0000,0000,0000,,don't go to the press and don't tell that\NSS7 is fixed and we know we still have Dialogue: 0,0:52:59.61,0:53:06.92,Default,,0000,0000,0000,,problems also. It's all four. I work for\NTelefonica, which is O2 and eplus. Dialogue: 0,0:53:06.92,0:53:11.29,Default,,0000,0000,0000,,K: Oh yeah. Well, congratulations. Sorry.\NSorry for spoiling your Christmas. Dialogue: 0,0:53:11.29,0:53:13.44,Default,,0000,0000,0000,,{\i1} laughter {\i0} Dialogue: 0,0:53:13.44,0:53:19.40,Default,,0000,0000,0000,,Herald: Microphone number two, please.\NMic 2: I'd like to know why these empty Dialogue: 0,0:53:19.40,0:53:24.18,Default,,0000,0000,0000,,pagings occur in the context of the\Nlocation tracking, I thought, as soon as Dialogue: 0,0:53:24.18,0:53:30.62,Default,,0000,0000,0000,,the phone registers in the network, the\Nbase station, which is this connected to, Dialogue: 0,0:53:30.62,0:53:32.63,Default,,0000,0000,0000,,is known in the network anyway. Is that\Nthe case? Dialogue: 0,0:53:32.63,0:53:37.49,Default,,0000,0000,0000,,K: That's a very good question. 
And let me\Nlet me go back to one earlier slide to to Dialogue: 0,0:53:37.49,0:53:45.59,Default,,0000,0000,0000,,explain that, one second, so that the\Nempty pagings do not occure when you send Dialogue: 0,0:53:45.59,0:53:50.38,Default,,0000,0000,0000,,these creepy AnytimeInterrogation\Nmessages. They are just there for spying Dialogue: 0,0:53:50.38,0:53:55.28,Default,,0000,0000,0000,,and there's no way to page the customer.\NBut since this got blocked and Tobias went Dialogue: 0,0:53:55.28,0:53:59.07,Default,,0000,0000,0000,,into great level of detail explaining\Nthis, you need a couple of other messages Dialogue: 0,0:53:59.07,0:54:03.32,Default,,0000,0000,0000,,to now track some of this location and\Nthese messages when meant for location Dialogue: 0,0:54:03.32,0:54:09.53,Default,,0000,0000,0000,,tracking them and ment for other purposes.\NFor instance, as I provide subscriber info Dialogue: 0,0:54:09.53,0:54:14.95,Default,,0000,0000,0000,,that however you reach it is always the\Nlast message you need. This does do a Dialogue: 0,0:54:14.95,0:54:19.02,Default,,0000,0000,0000,,paging and then to provide subscriber info\Nreally makes no sense unless you send Dialogue: 0,0:54:19.02,0:54:23.89,Default,,0000,0000,0000,,something afterwards also, deliver an SMS\Nconnect to call or whatever. So the paging Dialogue: 0,0:54:23.89,0:54:29.69,Default,,0000,0000,0000,,is already sent in anticipation that an\NSMS will come or that the call will come. 
Dialogue: 0,0:54:29.69,0:54:33.88,Default,,0000,0000,0000,,But if you're only the creepy guy tracking\Nit, they're going to send it SMS and Dialogue: 0,0:54:33.88,0:54:38.41,Default,,0000,0000,0000,,that's where the empty paging comes from.\NMic 2: OK, but still also in these cases Dialogue: 0,0:54:38.41,0:54:43.61,Default,,0000,0000,0000,,where something follows the paging, isn't\Nit a type of double checking whether it's Dialogue: 0,0:54:43.61,0:54:50.23,Default,,0000,0000,0000,,really there or I mean, the location info\Nitself should already be present and the Dialogue: 0,0:54:50.23,0:54:53.51,Default,,0000,0000,0000,,network, isn't it?\NK: Yeah, yeah. It just reconfirms that the Dialogue: 0,0:54:53.51,0:54:57.64,Default,,0000,0000,0000,,subscriber is really there. So it's\Nbasically saying: Somebody you just Dialogue: 0,0:54:57.64,0:55:01.37,Default,,0000,0000,0000,,interrogated your location because they\Nwant to send you something. Let's check Dialogue: 0,0:55:01.37,0:55:05.35,Default,,0000,0000,0000,,that you're really still there because\Notherwise we'll tell them something wrong. Dialogue: 0,0:55:05.35,0:55:10.42,Default,,0000,0000,0000,,But Tobias do you want to comment on that.\NTobias: Yeah. OK, so the empty paging is Dialogue: 0,0:55:10.42,0:55:15.93,Default,,0000,0000,0000,,not anticipation or something that's\Ncoming after. It's to get the current cell Dialogue: 0,0:55:15.93,0:55:20.97,Default,,0000,0000,0000,,that you are located at, because when you\Nare moving around in your location area Dialogue: 0,0:55:20.97,0:55:24.85,Default,,0000,0000,0000,,and the area that is covered by the\Nswitching center that you're currently Dialogue: 0,0:55:24.85,0:55:31.12,Default,,0000,0000,0000,,being served by, your phone doesn't\Nnecessarily contact the base station. 
So Dialogue: 0,0:55:31.12,0:55:37.79,Default,,0000,0000,0000,,it could be that that the networks last\Nposition of you is somewhere you received Dialogue: 0,0:55:37.79,0:55:43.95,Default,,0000,0000,0000,,an SMS or text or call, and then you moved\Nto a completely different area if your Dialogue: 0,0:55:43.95,0:55:49.13,Default,,0000,0000,0000,,phone didn't have network contact in the\Nmeantime, the network would still only Dialogue: 0,0:55:49.13,0:55:55.61,Default,,0000,0000,0000,,know the last point of contact. So that's\Nwhy the why the empty paging happens so Dialogue: 0,0:55:55.61,0:56:01.31,Default,,0000,0000,0000,,that the that the network knows the base\Nstation that's actually currently closest Dialogue: 0,0:56:01.31,0:56:06.78,Default,,0000,0000,0000,,to you. That's also why the law\Nenforcement uses a lot of Silent SMS so Dialogue: 0,0:56:06.78,0:56:12.53,Default,,0000,0000,0000,,that that they can get the last position\Nin the network. And it's also an option if Dialogue: 0,0:56:12.53,0:56:17.24,Default,,0000,0000,0000,,you send provide subscriber information,\Nyou can just send it and get back the last Dialogue: 0,0:56:17.24,0:56:23.72,Default,,0000,0000,0000,,known position without a paging or you can\Nset the current location flag and provide Dialogue: 0,0:56:23.72,0:56:29.86,Default,,0000,0000,0000,,subscriber information. And only then the\Nsubscriber gets paged and you will receive Dialogue: 0,0:56:29.86,0:56:33.53,Default,,0000,0000,0000,,the current location.\NK: And that's that's one good example for Dialogue: 0,0:56:33.53,0:56:37.88,Default,,0000,0000,0000,,how SS7, which is supposed to be\Nso insecure we can never fix it, can Dialogue: 0,0:56:37.88,0:56:42.75,Default,,0000,0000,0000,,easily be fixed. There's an option that\Nsays we're using this as normal feature Dialogue: 0,0:56:42.75,0:56:46.48,Default,,0000,0000,0000,,that's absolutely needed. 
And we have this\Ncreepy extension to also ask for the Dialogue: 0,0:56:46.48,0:56:51.14,Default,,0000,0000,0000,,location. And some networks choose to not\Nanswer that. The answer was zero zero zero Dialogue: 0,0:56:51.14,0:56:57.54,Default,,0000,0000,0000,,zero and nothing broke. Right. So you can\Njust ignore the insecure parts of SS7 and Dialogue: 0,0:56:57.54,0:57:01.89,Default,,0000,0000,0000,,do whatever you think is right. And for\Nthe most part, it continues to work. But Dialogue: 0,0:57:01.89,0:57:04.04,Default,,0000,0000,0000,,I think we're well beyond answering \Nyour question now right? Dialogue: 0,0:57:04.04,0:57:11.23,Default,,0000,0000,0000,,Mic 2: No, but from your answers. Thank\Nyou very much. But another question Dialogue: 0,0:57:11.23,0:57:16.71,Default,,0000,0000,0000,,arises, because if it's actually to locate\Nyour phone and to find out which cell Dialogue: 0,0:57:16.71,0:57:23.31,Default,,0000,0000,0000,,you're actually in, then it implies that\Nit's not only one base station that since Dialogue: 0,0:57:23.31,0:57:29.19,Default,,0000,0000,0000,,the paging call, but a whole bunch of base\Nstations. Do you know something about the Dialogue: 0,0:57:29.19,0:57:35.26,Default,,0000,0000,0000,,algorithm? I mean, how many around the\Nlast known location are paging everybody Dialogue: 0,0:57:35.26,0:57:39.56,Default,,0000,0000,0000,,nationwide or how does..\NK: Everybody can implement this as they Dialogue: 0,0:57:39.56,0:57:45.34,Default,,0000,0000,0000,,wish? And I don't have much insights into\Nhow 3G does it, but in 2G typically is: Dialogue: 0,0:57:45.34,0:57:49.73,Default,,0000,0000,0000,,There's one paging send in the last cell\Nthat saw you. You don't respond. It's send Dialogue: 0,0:57:49.73,0:57:53.60,Default,,0000,0000,0000,,in a larger area. You don't respond. It's\Nsent for the whole location area. And then Dialogue: 0,0:57:53.60,0:57:58.10,Default,,0000,0000,0000,,some networks, you don't respond. They\Nsend it in the entire country. 
But that's Dialogue: 0,0:57:58.10,0:58:01.59,Default,,0000,0000,0000,,rare. Right?\NMic 2: Thank you very much. Dialogue: 0,0:58:01.59,0:58:12.79,Default,,0000,0000,0000,,Herald: Okay. Questions from the IRC?\NSignal Angel: Did SnoopSnitch allow you to Dialogue: 0,0:58:12.79,0:58:20.74,Default,,0000,0000,0000,,reveal any kind of attack in countries.\NNot special name in mind. Dialogue: 0,0:58:20.74,0:58:26.92,Default,,0000,0000,0000,,K: Does it allow you to detect attacks in\Ncountries? {\i1}Yeah,{\i0} yeah, {\i1}some kind of{\i0} Dialogue: 0,0:58:26.92,0:58:32.52,Default,,0000,0000,0000,,{\i1}Tapsell.{\i0} I think the answer is yes. Its\Nwhole purpose is to detect attacks. And it Dialogue: 0,0:58:32.52,0:58:35.85,Default,,0000,0000,0000,,also works in countries…\N{\i1} laughter {\i0} Dialogue: 0,0:58:35.85,0:58:39.84,Default,,0000,0000,0000,,Herald: Did you succeed in detecting attacks.\NK: Did we succeed in Dialogue: 0,0:58:39.84,0:58:46.59,Default,,0000,0000,0000,,detecting. Yes, we did. And if you go down\Nto the Saal C, Room C, you can see how it's Dialogue: 0,0:58:46.59,0:58:53.88,Default,,0000,0000,0000,,currently people are being attacked and\Ncurrently they detect that. {\i1}Ok{\i0} Dialogue: 0,0:58:53.88,0:58:59.28,Default,,0000,0000,0000,,Herald: OK microphone number five, please.\NMic 5: Yes, thanks, it's going back to SS7 Dialogue: 0,0:58:59.28,0:59:05.67,Default,,0000,0000,0000,,basics. Can you quickly explain how SS7 is\Nimplemented? Is this a VPN on the public Dialogue: 0,0:59:05.67,0:59:10.61,Default,,0000,0000,0000,,Internet through the providers? What's the\Ntechnical reality of transport? Dialogue: 0,0:59:10.61,0:59:16.64,Default,,0000,0000,0000,,K: That's a very good question. Of course,\Nthat's a very good question. And I only Dialogue: 0,0:59:16.64,0:59:21.89,Default,,0000,0000,0000,,have half of the information, too. I keep\Nlearning. 
But so it seems that it was Dialogue: 0,0:59:21.89,0:59:27.43,Default,,0000,0000,0000,,implemented initially as a network between\NWestern European telcos and their run Dialogue: 0,0:59:27.43,0:59:33.96,Default,,0000,0000,0000,,cables, dedicated cables for SS7.\NSIGTRAN they called this and then a couple Dialogue: 0,0:59:33.96,0:59:38.25,Default,,0000,0000,0000,,more networks connected to it. And each\Nof them had to run the cable to one of the Dialogue: 0,0:59:38.25,0:59:42.69,Default,,0000,0000,0000,,other telcos. But eventually they changed\Nthat and then introduced what I call Dialogue: 0,0:59:42.69,0:59:46.74,Default,,0000,0000,0000,,routing providers. So telcos are not\Nconnected to each other usually, but Dialogue: 0,0:59:46.74,0:59:52.24,Default,,0000,0000,0000,,through a routing provider like on the\NInternet and those routing providers, they Dialogue: 0,0:59:52.24,0:59:56.71,Default,,0000,0000,0000,,typically don't run a cable to your house\Nanymore. If you are a new telco, they give Dialogue: 0,0:59:56.71,1:00:00.79,Default,,0000,0000,0000,,you a VPN over the Internet. So it's\Ndiverse. I'm sure there's still some Dialogue: 0,1:00:00.79,1:00:04.79,Default,,0000,0000,0000,,dedicated lines between Germany and\NFrance, say, and there's some others Dialogue: 0,1:00:04.79,1:00:08.51,Default,,0000,0000,0000,,connecting and these big clouds that are\Nrouting providers. And it's actually Dialogue: 0,1:00:08.51,1:00:12.29,Default,,0000,0000,0000,,really difficult to get your address\Nrouted everywhere in the world. So even if Dialogue: 0,1:00:12.29,1:00:16.89,Default,,0000,0000,0000,,you connect to SS7, all you're connected \Nto is one routing provider and that Dialogue: 0,1:00:16.89,1:00:21.69,Default,,0000,0000,0000,,routing provider knows that you own these\Naddresses. 
Now it's up to you to convince Dialogue: 0,1:00:21.69,1:00:25.85,Default,,0000,0000,0000,,every other of the big seven or nine,\Ndepending on how you count routing Dialogue: 0,1:00:25.85,1:00:34.25,Default,,0000,0000,0000,,providers that you are that guy with those\Naddresses. So the BGP equivalent of SS7 is Dialogue: 0,1:00:34.25,1:00:40.41,Default,,0000,0000,0000,,to get nine roaming agreements signed with\Npeople on these other nine operators and Dialogue: 0,1:00:40.41,1:00:44.81,Default,,0000,0000,0000,,then fax those roaming agreements to\Neverybody else involved. So they type it Dialogue: 0,1:00:44.81,1:00:49.53,Default,,0000,0000,0000,,into your computer, into their computers,\Nvery manual and very hard to grow the Dialogue: 0,1:00:49.53,1:00:52.83,Default,,0000,0000,0000,,network. But for the most part, it doesn't\Nchange, of course- Dialogue: 0,1:00:52.83,1:00:57.94,Default,,0000,0000,0000,,Mic 5: So that the low level transport is\Nnot really an attack surface from the Dialogue: 0,1:00:57.94,1:01:00.84,Default,,0000,0000,0000,,public Internet.\NK: It can be the low level transport can Dialogue: 0,1:01:00.84,1:01:07.09,Default,,0000,0000,0000,,be an attack surface if people just\Nstupidly leave open their local networks. Dialogue: 0,1:01:07.09,1:01:11.16,Default,,0000,0000,0000,,But it's rare. It's much more common,\Nspeaking about our talk next year, Dialogue: 0,1:01:11.16,1:01:15.84,Default,,0000,0000,0000,,hopefully on the other interconnect\Nnetworks, there's one interconnect network Dialogue: 0,1:01:15.84,1:01:22.24,Default,,0000,0000,0000,,for data roaming. It's called GRX. And\Nsince everything is IP anyway on data Dialogue: 0,1:01:22.24,1:01:26.61,Default,,0000,0000,0000,,roaming, people sometimes do leave it out\Non the Internet or just do it unencrypted Dialogue: 0,1:01:26.61,1:01:31.01,Default,,0000,0000,0000,,over the Internet. 
And it does seem to\Nbecome more popular also with the SS7 Dialogue: 0,1:01:31.01,1:01:37.44,Default,,0000,0000,0000,,replacement Diameter, which again is pure\NIP. So there's no dedicated thing that you Dialogue: 0,1:01:37.44,1:01:41.66,Default,,0000,0000,0000,,first have to encapsulate in a VPN before\Nyou can route it over the Internet. You Dialogue: 0,1:01:41.66,1:01:47.06,Default,,0000,0000,0000,,can run Diameter over the open Internet if\Nyou want. It's stupid, but people seem to Dialogue: 0,1:01:47.06,1:01:52.17,Default,,0000,0000,0000,,do it anyway.\NHerald: OK, the microphone number six, Dialogue: 0,1:01:52.17,1:01:55.31,Default,,0000,0000,0000,,please.\NMic 6: OK, my question is, if you could Dialogue: 0,1:01:55.31,1:02:00.45,Default,,0000,0000,0000,,comment why these message were put in the\Nprotocol at the first place, it they are Dialogue: 0,1:02:00.45,1:02:07.27,Default,,0000,0000,0000,,so easy to block and to fix. And the other\Nquestion is, if all the other problems Dialogue: 0,1:02:07.27,1:02:11.62,Default,,0000,0000,0000,,that you pointed out are as easy to fix\Nfor the network operators. Dialogue: 0,1:02:11.62,1:02:16.78,Default,,0000,0000,0000,,K: So I don't have an answer to your first\Nquestion. Why do you put a tracking Dialogue: 0,1:02:16.78,1:02:22.47,Default,,0000,0000,0000,,message in the standard and then call it\NAnytimeInterrogation, gosh, like that Dialogue: 0,1:02:22.47,1:02:25.61,Default,,0000,0000,0000,,invokes feelings for me,\Ninterrogation room and all. I mean, this Dialogue: 0,1:02:25.61,1:02:30.44,Default,,0000,0000,0000,,is spy stuff, right? And there's no\Npractical, purposeful but. Right. Who Dialogue: 0,1:02:30.44,1:02:35.00,Default,,0000,0000,0000,,wrote SS7 standard? Western European\Ngovernments being afraid of the Russians, Dialogue: 0,1:02:35.00,1:02:39.06,Default,,0000,0000,0000,,of their own citizens, who knows? Right. 
I\Ndon't know why they put every single Dialogue: 0,1:02:39.06,1:02:44.28,Default,,0000,0000,0000,,message in, though. So your second\Nquestion was what again? Dialogue: 0,1:02:44.28,1:02:49.06,Default,,0000,0000,0000,,Mic 6: If the other vulnerabilities are as\Neasy as to fix? Or just blocking messages. Dialogue: 0,1:02:49.06,1:02:55.73,Default,,0000,0000,0000,,K: No they're not. And I tried to point\Nthat out in one of the slides that… that Dialogue: 0,1:02:55.73,1:03:02.27,Default,,0000,0000,0000,,AnytimeInterrogation can be fixed, as can,\Nfor instance, as does SendIdentification Dialogue: 0,1:03:02.27,1:03:07.31,Default,,0000,0000,0000,,message, right. You just block that has no\Npurpose, routing this internationally. But Dialogue: 0,1:03:07.31,1:03:11.60,Default,,0000,0000,0000,,the other queries on this page, at least\Nyou need those internationally, at least Dialogue: 0,1:03:11.60,1:03:17.43,Default,,0000,0000,0000,,to enable roaming. So the best you can do\Nis, as I said, first block these queries Dialogue: 0,1:03:17.43,1:03:21.01,Default,,0000,0000,0000,,from anybody who's not your roaming\Npartner, right? Don't respond to those Dialogue: 0,1:03:21.01,1:03:26.52,Default,,0000,0000,0000,,people and then do some plausibility \Nchecking, secondly, make sure that if a Dialogue: 0,1:03:26.52,1:03:31.38,Default,,0000,0000,0000,,subscriber is actually in your own network, \Nthat you don't honor requests from another Dialogue: 0,1:03:31.38,1:03:36.60,Default,,0000,0000,0000,,country. Right. And that should remove most \Nof the issues because most abuse comes from Dialogue: 0,1:03:36.60,1:03:40.34,Default,,0000,0000,0000,,other countries. It's just more likely if\Nthere's 800 parties connected to this Dialogue: 0,1:03:40.34,1:03:46.90,Default,,0000,0000,0000,,network that the one doing the abuse is\Nnot yours. Good question. {\i1}Thanks.{\i0} Dialogue: 0,1:03:46.90,1:03:59.00,Default,,0000,0000,0000,,Subtitles created by c3subtitles.de\Nin the year 2021. 
Join, and help us!