Presentation Material

Abstract

There are ongoing attacks on telecom operators and other major organizations using telecom networks. Such attacks include the usage of signaling protocols, take use of exposed nodes on the Internet or core nodes reachable from the user side.

Attackers are not only using the well-known signaling protocol vulnerabilities to perform attacks on organizations, but it is even possible to gain access to the operator’s core network by violating traffic policies and performing signaling protocol exploitation. Telecom operators need to level up in implementing end-to-end security by design.

In this talk, we will go through a high-level Telecom network architecture and understanding various critical nodes with their respective functionalities. We will discuss various ways to access telecom networks and explain the methodology to gain an initial foothold inside the telecom network.

We will be speaking about examples of how a complex attack to a telco would look like, including mapping the core network components and exploiting protocol level vulnerabilities in SS7 and GTPv2.

We will also include live demonstrations of attacks using SigPloit a signaling exploitation framework authored by us and will discuss best practices in reducing the attack surface.