Thursday 3 October 09:00 - 09:30, Green room
Cathal Mc Daid (AdaptiveMobile Security)
AdaptiveMobile Security has detected a unique and novel mobile core network vulnerability that is currently being exploited by a sophisticated attacker in multiple countries for surveillance reasons. This exploit represents arguably one of the most complex and sophisticated attacks ever seen over mobile core networks. The observed attack involves the remote retrieval of specific information, such as location information, without the awareness or interaction of the mobile phone user. The vulnerability can also be used to perform additional types of attacks, such as denial of service, fraud, and other forms of information harvesting.
In this session, we will explain the vulnerability and how it is exploited. To begin, we will cover how the vulnerability works structurally, and its technology underlay. Then we will discuss its potential reach, which operators and which countries could be affected, along with an idea of where we have actually seen attacks occurring. We will then give some intelligence overviews – i.e. who we think is exploiting it, and why. We will also show the attack’s evolution over time, and the reaction of the attackers to their activity being detected and blocked, both on our side and at an industry level. Finally, we will show what we found to be the best ways to detect and block related attacks, and provide tactical recommendations for the future to deal with the evolution of mobile network attacks.
Cathal Mc Daid
Cathal Mc Daid is the Chief Technology Officer at AdaptiveMobile Security. He is one of the world’s foremost experts in mobile network signaling security. As CTO his role is to define the technology strategy and long-term technical vision, as well as to lead the team responsible for applied research in the fields of cybersecurity & mobile networks. His pivotal work in the industry has been recognized by the GSM Association where he is a primary contributor to the GSMA’s Fraud and Security Group, including being editor and leading author of the SS7 Interconnect Security Monitoring and Firewall Guidelines (FS.11). He has over 15 years of experience in telecoms, messaging and security, he is a frequent contributor to business and technology media, where his work has featured on USA Today, BBC, Forbes, Bloomberg and The Register. He is also a regular speaker at industry events.
Benoît Ancel (CSIS)
Pierre-Luc Vaudry (ZEROSPAM Security)
Olivier Coutu (ZEROSPAM Security)
Shusei Tomonaga (JPCERT/CC)
Tomoaki Tani (JPCERT/CC)
Hiroshi Soeda (JPCERT/CC)
Wataru Takahashi (JPCERT/CC)