April 21, 2014

Mobile Switching Center DoS

The Mobile Services Switching Center (MSC) is a core element of a GSM/UMTS network. The MSC is responsible for routing voice calls, as well as other services.

Is it difficult to conduct a DoS attack against an MSC and leave mobile subscribers without a connection? It depends. We will look at SS7 networks.

Modern protocols usually have embedded security features, but the SS7/SIGTRAN stack does not. Difficult connection procedures provide access control for SS7 signaling networks, and at the same time they are expensive and mostly red tape. But converged IP networks allow us to access SS7 far more easily. This leads to a security threat: an attacker could send signaling messages in SS7 networks, as well as intercept and modify messages at will.

April 3, 2014

Search and Neutralize. How to Determine Subscriber’s Location

Mobile networks can be attacked through multiple vectors. In this article, we will consider an attack that allows detecting the cell where a subscriber is located. You see, I do not use more common units of measurement because the size of a cell is not fixed. In cities, a cell site may have a range of a hundred meters, and in rural areas, the range is about several kilometers.