The Cost Of Security And Privacy For Telcos: How To Do The Math

Image credit: Pexels Join Positive Technologies’ telecoms expert Michael Downs for a thought-provoking webinar on the processes and best practices all operators should be following to ensure their networks are secure. In this informative webinar, participants will get an understanding of: the critical security incidents facing telcos every day globally and how operators can remain vigilant in order to support revenue growth how to get … Continue reading The Cost Of Security And Privacy For Telcos: How To Do The Math

How to assemble a GSM phone based on SDR

The smartphones so familiar to most of us contain an entire communication module separate from the main CPU. This module is what makes a \”smartphone\” a \”phone.\” Regardless of whether the phone\’s user-facing operating system is Android or iOS, the module usually runs a proprietary closed-source operating system and handles all voice calls, SMS messages, and mobile Internet traffic. Of course, open-source projects are more … Continue reading How to assemble a GSM phone based on SDR

The First Rule of Mobile World Congress Is: You Do Not Show Anyone Your Mobile World Congress Badge

The biggest event of the telecom industry attracted particularly wide media coverage this year: the King of Spain personally arrived in Barcelona for the opening of the annual Mobile World Congress (MWC 2018), which caused a wave of protests by supporters of the region\’s independence from Madrid. As a result, newspaper front pages and TV channel prime time are all taken by high tech and … Continue reading The First Rule of Mobile World Congress Is: You Do Not Show Anyone Your Mobile World Congress Badge

New bypass and protection techniques for ASLR on Linux

By Ilya Smith (@blackzert), Positive Technologies researcher 0. Abstract The Linux kernel is used on systems of all kinds throughout the world: servers, user workstations, mobile platforms (Android), and smart devices. Over the life of Linux, many new protection mechanisms have been added both to the kernel itself and to user applications. These mechanisms include address space layout randomization (ASLR) and stack canaries, which complicate … Continue reading New bypass and protection techniques for ASLR on Linux

Apple fixes security hole in Intel ME discovered by Positive Technologies

Apple has released a security update for macOS High Sierra 10.13.2, macOS Sierra 10.12.6 and OS X El Capitan 10.11.6, that patches a vulnerability in Intel Management Engine found by Positive Technologies experts Mark Ermolov and Maxim Goryachy. Details are available in a security document on the Apple support website.Intel Management Engine is a microcontroller integrated into the Platform Controller Hub (PCH) with a set … Continue reading Apple fixes security hole in Intel ME discovered by Positive Technologies

Critical KRACK Flaws in WPA Wi-Fi Security: Here’s How to Protect Yourself

Security researchers from Belgian University KU Leuven revealed a key reinstallation attack vulnerability in the WPA2 Wi-Fi protocol. Using this flaw an attacker within range of a person logged onto a wireless network could use key reinstallation attacks to bypass WPA2 network security and read information that should have been securely encrypted. What are the possible consequences of this revelation and how end users can … Continue reading Critical KRACK Flaws in WPA Wi-Fi Security: Here’s How to Protect Yourself

4G Networks Infrastructure Still Vulnerable Despite Upgrade

Billions has been invested, super speed reached, yet none of the security holes have been fixed. Positive Technologies has warned that its research confirms vulnerabilities in the world’s mobile infrastructure still exist, despite billions being invested to upgrade mobile networks to Diameter to carry 4G and 5G traffic. The unaddressed flaws leave mobile communications, and the security practices founded on them, vulnerable allowing hackers to … Continue reading 4G Networks Infrastructure Still Vulnerable Despite Upgrade

SigPloit framework published: telecom vulnerability testing of SS7, GTP, Diameter, and SIP made easy

Code for the open-source SigPloit framework has been published on GitHub by security researcher Loay Abdelrazek. SigPloit is a convenient framework for testing for vulnerabilities in telecommunication protocols. We cannot say state that this project will have a big effect on the security situation, but this is definitely one of the alarm bells that should be noted by telecom industry. What SigPloit does As described … Continue reading SigPloit framework published: telecom vulnerability testing of SS7, GTP, Diameter, and SIP made easy

Attacking SS7: Mobile Operators Security Analysis

The interception of calls is quite a challenging task, but not only intelligence services can pull it off. A subscriber may become a victim of an average hacker who is familiar with the architecture of signaling networks. Commonly known SS7 vulnerabilities allow for the interception of phone calls and texts, can reveal a subscriber’s location, and can disconnect a mobile device from a network. In … Continue reading Attacking SS7: Mobile Operators Security Analysis

Critical Vulnerabilities in 3G/4G Modems or how to build Big Brother

This report is the continuation of \”#root via SMS\”, a research made by the SCADA Strangelove team in 2014. It was devoted to telecommunications equipment vulnerabilities with modem flaws only partially covered. This document describes vulnerabilities found and exploited in eight popular 3G and 4G modems available in Russia and worldwide. The findings include Remote Code Execution (RCE) in web scripts, integrity attacks, Cross-Site Request … Continue reading Critical Vulnerabilities in 3G/4G Modems or how to build Big Brother