Penetration Testing mailing list archives
Re: RE: Questions on GSM Penetration test - Security Associates
From: "Naveed Anwar" <naveed () middleoffice com>
Date: Sun, 27 Jan 05:24:22 2002 +0000
Security Associates (http://www.securityassoc.com) offer a Telecommunications Vulnerability Testing including Wireless Communications (Voice, Picture) - up to 2.4 GHz, which I guess inculdes GSM....Check out their brochure for full details. GSM secuirity has improved alot since the early 90's when the analog system was replaced with digital (in Europe), hence this prevented people using cheap scanners to pick up voice conversations, which previously had been sent in the clear. I would say current issues are SMS and sending and capturing of EMI numbers. Thanks Naveed
-------- ORIGINAL MESSAGE BELOW -------- GSM security is generally not very well understood by your average "pentest" company. There is one company that is specializing in this domain. Check out http://www.globerelay.com The pentest of a GSM network does involve "normal" security work (e.g. firewall assessment, host hardening, application review, routers security, etc.) It mostly involve testing GSM Network Elements (NE) such as MSC, HLR, BSC, BTS, VMS, OTA, SMSC, IN, etc. Such NEs sometimes run obscure operating systems and are very proprietary. Most of them assume knowledge of digital signalling protocols such as SS7 (MTP, SCCP, TCAP, MAP, ISUP, BSSAP, INAP, CAMEL). The most important part of a GSM network are actually not the NEs themselves but the OSS network that managed them. As such, platforms such as the NMS (Network Management system), the mediation device and the billing system environment are very critical to the security of the GSM infrastructure. For anybody who's interested I have written a paper last year (that was presented at Blackhat Hong Kong and Singapore) on GSM security, so feel free to ask and I'll send you a copy. Regards Emmanuel At 04:32 PM 1/25/2002, Lubomir.Nistor () star-21 de wrote:I really doubt that there is any company like this.. as not many people on this planet know how exactly GSM network works, and those people are building it.. Penetration test of GSM net should be done as a normal pen-test, but I suppose insider attack is where can be done a lot. outside attacks have to do something with radio engineering and basestation-phone communication (DoS, wiretaping, ..) inside attacks are more interesting, as you can access devices via IP :) no radio :) and do some serious (mis)configuration. Although I haven't done any GSM pentests, but i know some radio networks basics... Lubo PS: if anybody got some docs about how GSM radio communication works pls send me a copy (not general descr, but specific protocol descr, fields descr, timing etc..) PS2: sources of firmware helps as well.. -----Original Message----- From: ricci_ieong [mailto:ricci_ieong () yahoo com] Sent: Donnerstag, 24. Januar 2002 04:10 To: pen-test () securityfocus com Subject: Questions on GSM Penetration test Hello All, I would like to know if there is any company offering penetration test services onto GSM network not the IP network. How to perform that type of test? Which company can offer that service? Thanks. Ricci _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: RE: Questions on GSM Penetration test - Security Associates Naveed Anwar (Jan 27)