Penetration Testing mailing list archives
Re: Questions on GSM Penetration test
From: "Tom Buelens" <email () tombuelens com>
Date: Thu, 24 Jan 2002 23:47:21 +0100
Dear mr. Ricci, There are companies that offer tools and equipement to violate privacy on GSM networks. I am sure that if you are 'testing' a good network they (the operator) are aware that GSM is not an flawless concept. However they will also know the countermesure of each type of attack, if such exists. I do not have the impression that you are lawfully testing such a network. Therefor I will not aid you with company names but with types of attack I know. 1. You can overpower a basestation with your fake basestation. FLAW: The sim / GSM has to authenticate to the network. The network does not have to prove it's authenticety. Secondly the GSM will allways use the strongest signal. 2. You can copy a sim card. There are ways to get too the important numbers and reprogram them. 3. You can eavesdrop comunications between basestations. It's a focused beam of information but over a distance of km's the beam will spread a little. Hope I've set you on your way. Good luck. I am not here to judge who is to use lawfull interception tools and who is not. I would like to get rid of mistakes.
Hello All, I would like to know if there is any company offering penetration test services onto GSM network not the IP network. How to perform that type of test? Which company can offer that service? Thanks. Ricci
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Detecting if SecureIIS from Eeye is installed Sacha Faust (Jan 22)
- Re: Detecting if SecureIIS from Eeye is installed Ryan Permeh (Jan 23)
- Questions on GSM Penetration test ricci_ieong (Jan 24)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 25)
- Re: Questions on GSM Penetration test M Lister (Jan 26)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 27)
- Re: Questions on GSM Penetration test M Lister (Jan 27)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 27)
- RE: Questions on GSM Penetration test Fernando Cardoso (Jan 28)
- Re: Questions on GSM Penetration test Wouter Slegers (Jan 31)
- Questions on GSM Penetration test ricci_ieong (Jan 24)
- Re: Detecting if SecureIIS from Eeye is installed Ryan Permeh (Jan 23)
- Re: Questions on GSM Penetration test Martin Tomasek (Jan 27)
- Re: Questions on GSM Penetration test John Adams (Jan 28)
- Message not available
- Re: Questions on GSM Penetration test Emmanuel Gadaix (Jan 27)