This workshop explains telecommunication networks and their particular technologies. Typical security pitfalls in design and implementation will be explained and demonstrated. The workshop is designed as hands-on, means that if technically possible the participants are very welcome to do it on their own. In this manner, different attack methodologies and tools will be presented for information gathering, attacking and exploiting telecommunication networks. A knowledge of this tools is not only important from an attackers perspective, it is also important for providers and manufacturers to implement proposed features properly and work out secure configurations. Otherwise this will result in security breaks in back- or front-end structures. Because the workshop will be for only one day, it will focus only on some aspects and technologies and is meant as a brief introduction to practical security in telecommunication networks.
architecture of telecommunication networks: GSM, UMTS, and LTE
communication principals between phones and base stations
security of this over the air communication
Introduction to the Core Network
Self Organizing Networks
Laptop with USB; Virtualbox installed. Administrator rights needed. Laptop bootable from USB.
In telecommunication interested people. Basic understanding of telecommunication will be helpful. Network and OS knowledge assumed.
Kévin Redon first learned about telecommunication networks during a lecture at University. He preferred computer networks though, which are far less complicated and cumbersome. Later another teacher gave him the opportunity to play with a base station. Since then he looked at the security of different aspects, going from the SIM card, through basebands, to femtocells. After showing several vulnerabilities at conferences, he joined the product security team of Qualcomm to try improve the state.
Hendrik Schmidt is a seasoned security researcher with vast experiences in large and complex enterprise networks. He is a pentester at the German based ERNW GmbH with focus on telecommunication networks. Over the years he evaluated and reviewed all kinds of network protocols and applications. He loves to play with complex technologies and networks and demonstrated several implementation and design flaws. In this context he learned how to play around with core and backhaul networks, wrote protocol fuzzers and spoofers for testing implementations and security architecture. As his profession of pentester, security researcher and consultant he will happily share his knowledge with the audience.