We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Business logic flaws in mobile operators services

Formale Metadaten

Titel
Business logic flaws in mobile operators services
Serientitel
Anzahl der Teile
112
Autor
Lizenz
CC-Namensnennung 3.0 Unported:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
Identifikatoren
Herausgeber
Erscheinungsjahr
Sprache

Inhaltliche Metadaten

Fachgebiet
Genre
Abstract
GSM has been attacked in many different ways in the past years. But regardless of the protocol issues, there are also flaws in the logic of the mobile operators' services. One may think that finding an issue which affects only one specific operator in some country couldn't affect other operators. However, this is not the case as most of the operators are using the same equipment and have the same implementation of their services in all of the countries as the operator's group prefers to have a uniform service. This presentation examines different implementation flaws of mobile services which allows you to perform things like accessing someone else's online account, getting free Internet on your mobile device even when roaming, placing free mobile phone calls. Bogdan Alecu (@msecnet) works as a System Administrator for an IT services company and, during his free time, he is an Independent Security Researcher. He received his BSc in Business Information Systems from the "Alexandru Ioan Cuza" University of Iasi. Bogdan has researched for many years in mobile security, starting with Voice over IP and continuing with GSM. One of his research in the GSM security could allow a potential attacker to perform a remote SMS attack which can force mobile phones to send premium-rate text messages. Bogdan is also a frequent speaker at security conferences like DeepSec, EUSecWest, and DefCamp.