Publication date: May 11, 2018

Telecom security at PHDays: we've got you covered

Security in the mobile industry is making headlines: eavesdropping, SMS interception, spoofing, and SIM card hacking are only a few of the possible attacks. At Positive Hack Days, we invite you to learn about the vulnerabilities in mobile networks and try to hack a mobile operator that we've set up specially for the event. Read on for an overview of PHDays contests and talks covering all aspects of telecom security.

Today it's hard to find an industry that does not depend on mobile network operators. A payment terminal in a café, an alarm system in a country house, a gas meter, a truck driving down a highway—all these now have a SIM card inside. Connectivity has brought convenience and efficiency, but not security. Concerns abound: SIM cards carrying viruses, SDRs and IMSI catchers, tracking and eavesdropping via SS7, denial of service on LTE networks, and over-the-air GSM eavesdropping, to name a few. On May 15 at 2:00 p.m., Positive Technologies Director of Telecom Security Dmitry Kurbatov will give a talk entitled "Telecom security: getting better or worse?" (Seliger Hall). The speaker will tell about threats to the connected world and the weaknesses lurking in today's smart cities, transportation, and electrical grid.

The forum venue will also have its very own mobile network, for testing and hacking purposes. Positive Technologies telecom security experts will demonstrate popular methods for attacking mobile subscribers: IMSI disclosure, geotracking, SMS interception, and call redirection. Visitors can follow the actions of the "attackers" on large screens, as well as see how this is monitored and logged by PT Telecom Attack Discovery. In addition, the test stand will provide a chance to practice exploiting SS7 vulnerabilities, using protection tools, intercepting and eavesdropping on GSM traffic, and putting SDRs to use.

On May 15, technical talks in the Press Hall will be given by Positive Technologies telecom security experts. At 10:00 a.m., Sergey Mashukov will speak on the topic "Exploiting vulnerabilities in the 4G Diameter interoperator network," which will detail security issues with the Diameter protocol. The speaker will share results of security audits conducted for different MNOs. He will also describe successful test attacks he has performed in these environments. Later at 11:00 a.m., Vadim Yanitskiy and Warsaw University of Technology graduate student Piotr Krysik will describe how to use open-source software (OsmoBTS or OpenBTS) to turn an SDR into a GSM mobile phone.

Today's phreakers are still targeting telecom companies—and you can become one of them thanks to MITM Mobile. Intercept the airwaves of our on-site mobile operator. The two participants completing the most tasks will win prizes. To take part, bring your own Osmocom, SDR, virtual machines, and other necessary equipment.

Of course, the forum will also include The Standoff, a 30-hour cyberbattle in which teams of attackers, defenders, and security operations centers fight for control of a virtual city. The battleground: the full-scale digital infrastructure of a mock metropolis. Attackers will have plenty of interesting targets, including a telecom operator, Internet provider, residents who actively use cell phones and the mobile Internet, plus IoT and VoIP devices. During the game, attacker teams will be able to probe the security of telecom systems identical to those used in real cities. Participation in The Standoff is restricted to teams that have registered in advance.

We hope to see you at PHDays! The cost of a ticket is RUB 14,400 for two days and RUB 9,600 for one day.

All news