SimBox Security: Fraud, Fun and Failure
Sim-boxes have been around for quite some time and they tend to skirt and bridge the gap between traditional enterprise IT systems used for a legitimate purposes, telecom systems meant for the domain of only the telecom engineer and of course systems perpetrated for fraud losing MNO’s as much as 6% of their profit annually and promising thousands of dollars daily return for their operators.
They are legal is some countries and not others! They can be set up with PBX’s or used entirely on their own! There is a separate industry dedicated to heuristic measurements, detection and neutralisation of sim-boxes and a counter industry designed to avoid detection devices, simulate real subscriber behaviour and outsmart the operators!
But what are these devices, and if were to look at them from a security perspective, and how what controls do they have to keep your data safe (for all you know international messages and calls that you make could very possibly have been routed through sim boxes!!)
This talk examines two popular Simbox vendors and the equipment they provide for real legitimate and some times less legitimate use. How do these systems operate and what actual security controls do they provide for our voice and signaling data; after all, we expect stringent controls when the data flows through the operators, but what about these elements that are operated in some one’s back room?
Come and get a view into a world where enterprise IT systems and Critical infrastructure telecom elements cross over, and absolutely no assurances are given for that $6 a minute international call!