DEF CON 31 - Using SIM Tunneling to Travel at Light Speed - Adrian Dabrowski, Gabriel Gegenhuber

День тому

Cellular networks form large complex compounds for roaming purposes. Thus, geographically-spread testbeds for masurements and rapid exploit verification are needed to do justice to the technology's unique structure and global scope. Additionally, such measurements suffer from a combinatorial explosion of operators, mobile plans, and services. To cope with these challenges, we are releasing an open-source framework that geographically decouples the SIM (subscription) from the cellular modem by selectively connecting both remotely. This allows testing any subscriber with any operator at any modem location within seconds without moving parts. The resulting measurement and testbed platform "MobileAtlas" offers a scalable, controlled experimentation environment. It is fully open-sourced and allows other researchers to contribute locations, SIM cards, and measurement scripts.
Using the above framework, our international experiments in commercial networks revealed exploitable inconsistencies in traffic metering, leading to multiple data "phreaking" opportunities ("free-ride"). We also expose problematic IPv6 firewall configurations, hidden SIM card communication to the home network, and fingerprint dial progress tones to track victims across different roaming networks and countries with voice calls.

КОМЕНТАРІ: 18

@jeffcard3623 7 місяців тому

The comedy was over the head of this audience.

@Hukkinen 7 місяців тому

38:05 Privacy: Location Tracking with Ringback Tone Fingerpringing - This is quite something. The current country of a person can be determined.

@sabofx 7 місяців тому

Great presentation! Thank you for sorting this out! Mobile providers have profited more than enough from us, bandwidth hungry tourists. It's payback time! 🤭 PS: What's up with the audience at defcon31? They seem barely responsive. (Not just at this talk) Either someone should check them for a pulse 😵, or you need to point at least one 🎤 towards the public.

@zxcvb_bvcxz 7 місяців тому

From the audio of most of the talks, they had enough trouble getting a clear recording of the speaker. The audience is audible in some talks but it appears to either be gated or attenuated.

@zxcvb_bvcxz 7 місяців тому

@@dabrams84 a) lol b) the audience noise is gated, you can clearly hear it kicking in in other videos.

@CJ1337HF 7 місяців тому

Yeah I was there and there was plenty of laughs. It's just filtered out

@DonaldDucksRevenge 5 місяців тому

This the wholesomest hackery since Crunch whistled into a payphone

@IgnatRemizov 7 місяців тому

I wonder what the cost spread is like. What is the actual $ per GB roaming cost between all the different operators? Which one is the best, based on various factors? I would love to know

@dtriplett03 5 місяців тому

Idk yet, but , 🇺🇸 increased 🇬🇧 decreased 😢😮

@vildis. 5 місяців тому

What happened to Spoofify? Mentions about it are gone from the slides and i can't find the project anywhere

@BASSNETIC-MUSIC 6 місяців тому

The jokes were much to smart for this audience 😂 That fingerprinting is wild. Indonesia blocks your foreign device based on IMEI after a while and you need to pay tax to unlock it. Even if you try to circumvent this by putting the SIM in another device and connect through that using a hotspot! Would be nice to not have to deal with such nonsense.