Mobile Interconnect Threats: How Next-Gen Products May be Already Outdated

Black Hat USA 2019

Presented by: Guillaume Teissier
Date: Thursday August 08, 2019
Time: 09:00 - 09:25
Location: Lagoon JKL

Walled garden" used to be the security principle backing SS7 networks. This is no longer the case, and some attackers may benefit from access to these networks to leverage mobile network functions: geolocation, access to subscriber's profile, interception of communications. Mobile network operators now deploy new equipments to detect attacks and protect their customers. These new equipments are expected to be robust against wild traffic and safe. We describe in this talk vulnerabilities we have discovered and what we look into when assessing security of such products.

Guillaume Teissier

Guillaume Teissier is a French security researcher working for Orange Group. His main activities are penetration tests and audits on Telco infrastructure and services. He has found several vulnerabilities, which have been responsibly disclosed, on various products, like CVE-2018-7364 (ZTE IN), CVE-2017-10617 (Juniper Contrail), or CVE-2016-6271 (bzrtp). He has given talks at SSTIC 2018 and Troopers TSD 2019.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats