Академический Документы
Профессиональный Документы
Культура Документы
By
K.KARTHIK
SRI SAI NATH
OVERVIEW
INTRODUCTION
MOBILE COMMUNICATION
A Communication network which does not
depend on any physical connection
between two communications.
MOBILE COMMUNICATION
SERVICES
2G
GSM Global System for Mobile
Communications GPRS -- General Packet
Radio Service
EDGE Enhanced Data rates for Global
Evolution
3G
UMTS Universal Mobile Telecommunication
System
HSPA High Speed Packet Access
ARCHITECTURE OF
GPRS/EDGE
VULNERABILITIES
Lack of Mutual Authentication
GEA0 Support
UMTS --> GPRS/EDGE fallback
TOOLS REQUIRED
Laptop
BTS (Base Transceiver station)
GGSN (Gateway GPRS Support Node)
BSC (Base Station Controller)
SSGN (Service GPRS Support Node)
Cell Phone Jammer
INITIAL SETUP
STEP 1
Cell characterization
STEP 2
STEP 3
STEP 4
4
Attacker gets full MitM
control of victims
data communications
RESULT
ATTACK 1
Sniffing data from phone
What happened?
ATTACK 2
Phising attack against an iPad (http version)
What happened?
ATTACK 3
Phising attack against an iPad (https version)
What happened?
ATTACK 4
Attacker takes over a Windows PC via GPRS/EDGE
What happened?
user / password
remote desktop
ATTACK 5
What happened?
ATTACK 6
Attacking other GPRS/EDGE devices
What happened?
FTP
Defending ourselves
So, what can we do to protect our
mobile data communications?
SOLUTION
COUNTERMEASURES
Configuring Mobile Devices only to 3G and
rejecting GPRS/EDGE services
Encrypt our data communications at
higher layers (https, ssh, IPsec, etc.)
CONCLUSION
We must protect our GPRS/EDGE
mobile data communications:
Know the vulnerabilities
Evaluate the risks
Take appropriate countermeasures