Mobile network security report: Poland



Similar documents
Mobile network security report: Netherlands

Mobile network security report: Germany

Mobile network security report: Poland

Mobile network security report: Belgium

GSM security country report: USA

GSM security country report: Germany

Mobile network security report: Norway

Mobile network security report: Greece

Defending mobile phones. Karsten Nohl, Luca Melette,

An Example of Mobile Forensics

SPYTEC 3000 The system for GSM communication monitoring

GSM and UMTS security

UMTS security. Helsinki University of Technology S Security of Communication Protocols

GSM Risks and Countermeasures

GSM Research. Chair in Communication Systems Department of Applied Sciences University of Freiburg 2010

Mobile Phone Security. Hoang Vo Billy Ngo

ASR 5x00 Series SGSN Authentication and PTMSI Reallocation Best Practices

SENSE Security overview 2014

(U)SimMonitor: A Mobile Application for Security Evaluation of Cellular Networks

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

Attacking Automatic Wireless Network Selection. Dino A. Dai Zovi and Shane A. Macaulay

Security Requirements for Wireless Networking

Encrypted SMS, an analysis of the theoretical necessities and implementation possibilities

Mobile self- defense. Karsten Nohl SRLabs Template v12

Security of phone communications

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

Worldwide attacks on SS7 network

Security Issues with the Military Use of Cellular Technology Brad Long, Director of Engineering, IFONE, Inc.

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

introduction to femtocells

USB Portable Storage Device: Security Problem Definition Summary

Theory and Practice. IT-Security: GSM Location System Syslog XP 3.7. Mobile Communication. December 18, GSM Location System Syslog XP 3.

Reviving smart card analysis

RADIUS. Brief brochure. Product Purpose

Ch GSM PENN. Magda El Zarki - Tcom Spring 98

IMSI Catcher. Daehyun Strobel. 13.Juli Seminararbeit Ruhr-Universität Bochum. Chair for Communication Security Prof. Dr.-Ing.

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Three attacks in SSL protocol and their solutions

How To Use A Femtocell (Hbn) On A Cell Phone (Hbt) On An Ipad Or Ipad (Hnt) On Your Cell Phone On A Sim Card (For Kids) On The Ipad/Iph

CSCE 465 Computer & Network Security

GSM Databases. Virginia Location Area HLR Vienna Cell Virginia BSC. Virginia MSC VLR

USB Portable Storage Device: Security Problem Definition Summary

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

SS7: Locate. Track. Manipulate.

Chapter 17. Transport-Level Security

SHORT MESSAGE SERVICE SECURITY

Karsten Nohl, Breaking GSM phone privacy

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Man-in-the-Middle Attack on T-Mobile Wi-Fi Calling

Monitoring mobile communication network, how does it work? How to prevent such thing about that?

Security Protocols/Standards

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Notes on Network Security - Introduction

How to secure an LTE-network: Just applying the 3GPP security standards and that's it?

Security in the GSM Network

Mobile Device Management:

Global System for Mobile Communications (GSM)

THE FUTURE OF MOBILE SECURITY

The Trivial Cisco IP Phones Compromise

Distributed Denial of Service Attack Tools

How To Write A Transport Layer Protocol For Wireless Networks

An Oracle White Paper December The Value of Diameter Signaling in Security and Interworking Between 3G and LTE Networks

Where every interaction matters.

Network Security. Chapter 14. Security Aspects of Mobile Communications

A Framework for Secure and Verifiable Logging in Public Communication Networks

!!! "# $ % & & # ' (! ) * +, -!!. / " 0! 1 (!!! ' &! & & & ' ( ' 3 ' Giuseppe Bianchi

The Misuse of RC4 in Microsoft Word and Excel

Chapter 9 Key Management 9.1 Distribution of Public Keys Public Announcement of Public Keys Publicly Available Directory

Mobile Phone Network Security

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

INSTANT MESSAGING SECURITY

Trust Digital Best Practices

A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

Security Evaluation of CDMA2000

Dashlane Security Whitepaper

SecureCom Mobile s mission is to help people keep their private communication private.

Evaluating GSM A5/1 security on hopping channels

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

Protocol Rollback and Network Security

9.1 Introduction. 9.2 Roaming

(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation

Mobile Security. Practical attacks using cheap equipment. Business France. Presented the 07/06/2016. For. By Sébastien Dudek

TS-3GB-S.R0103-0v1.0 Network Firewall Configuration and Control (NFCC) - Stage 1 Requirements

Compter Networks Chapter 9: Network Security

Wireless LAN Security Mechanisms

NSA/DHS CAE in IA/CD 2014 Mandatory Knowledge Unit Checklist 4 Year + Programs

Criteria for web application security check. Version

Delivery of Voice and Text Messages over LTE

Security in cellular-radio access networks

Proxies. Chapter 4. Network & Security Gildas Avoine

Message Authentication Codes. Lecture Outline

Transcription:

Mobile network security report: Poland GSM Map Project gsmmap@srlabs.de Security Research Labs, Berlin October 2014 Abstract. Mobile networks differ widely in their protection capabilities against common attacks. This report details the protection capabilities of four mobile networks in Poland. All 3G networks in Poland implement sufficient 3G intercept protection. Some popular passive 2G intercept devices will not work against T-Mobile. T-Mobile 2G users are predominantly using latest encryption technology. Users of Play Mobile are not sufficiently protected from 2G intercept. Impersonating 2G users of Orange Polska, Play Mobile, and Plus is possible with simple tools. Orange Polska and Plus allow user tracking.

Contents 1 Overview 2 2 Protection measures 3 3 Attack scenarios 4 3.1 Passive intercept.................................. 4 3.2 Active intercept.................................. 5 3.3 Impersonation................................... 6 3.4 User tracking................................... 6 4 Conclusion 7 1 Overview Protection dimension (higher means better) Operator Intercept Impersonation Tracking Orange Polska 2G 54% 51% 3G 92% 47% Plus 2G 55% 55% 3G 91% 10% T-Mobile 2G 69% 83% 3G 90% 84% Play Mobile 2G 36% 23% 52% Table 1: Implemented protection features relative to 2014 best practices (according to SRLabs GSM metric v2.5) Disclaimer. This report was automatically generated using data submitted to gsmmap.org by volunteers. (Thank you!) The analysis does not claim accuracy. Please do not base far-reaching decisions on the conclusions provided herein, but instead verify them independently. If you detect inaccuracies, we are looking forward to hearing from you. This document provides a security analysis of Poland s four mobile networks, based on data collected between December 2011 and October 2014. The analysis is based on data samples submitted to the GSM Map project 1. It compares implemented protection features across networks. 1 GSM Map Project: https://gsmmap.org Mobile network security report: Poland Page 2

C The SRLabs network security metric condenses a7ack vectors and mi9ga9ons Risk category Risks Components Mitigations Intercept (2G) Impersonation (2G) Tracking Intercept voice Intercept SMS Make calls illegitimately Receive victim s calls Local tracking Global tracking Predict freq s Crack keys in real time Crack keys offline Reuse cracked keys Track IMSI/ TMSI HLR location finding SRLabs Metric v2.0 Hopping entropy A5/3 Padding randomization A5/3 Padding randomization SI randomization Update key in each transaction Update TMSI in each transaction Encrypt location updates (preferably with A5/3) Always encrypt IMSI Hide MSC and IMSI in HLR responses Figure 1: Best practice protection measures can mitigate three attack scenarios. 0 The GSM Map website reports protection features condensed into three dimensions as shown in Table 1. This report details the logic behind the analysis results, lists some of the implemented protection features, and maps the protection capabilities to popular attack tools. 2 Protection measures The SRLabs GSM security metric is built on the understanding that mobile network subscribers are exposed to three main risks: Intercept. An adversary records calls and SMS from the air interface. Decryption can be done in real time or as a batch process after recording transactions in bulk. Impersonation. Calls or SMS are either spoofed or received using a stolen mobile identity. Tracking. Mobile subscribers are traced either globally using Internet-leaked information or locally by repeated TMSI pagings. The SRLabs metric traces these three risks to an extensive list of protection measures, some of which are listed in Figure 1. For 3G networks, GSMmap currently assesses intercept protection only. We understand that that the mandatory integrity checking in 3G protects from simple impersonation attacks. Table 2 details the implementation depth of some of the mitigation measures present in Poland s mobile networks. Mobile network security report: Poland Page 3

Attack vector Networks Orange Polska Plus T-Mobile Play Mobile 2G Over-the-air protection - Encryption algorithm A5/1 98% 100% 7% 100% A5/3 2% 0% 93% 0% - Padding randomization - SI randomization - Require IMEI in CMC - Hopping entropy - Authenticate calls (MO) 63% 96% 90% 0% - Authenticate SMS (MO) 28% 0% 97% 30% - Authenticate paging (MT) 21% 42% 89% 0% - Authenticate LURs 95% 93% 80% 50% - Encrypt LURs 100% 100% 100% 100% - Update TMSI 51% 24% 13% 89% 3G Over-the-air protection - Ecryption - Update TMSI 20% 6% 1% HLR/VLR configuration - Mask MSC - Mask IMSI Table 2: Protection measures implemented in analyzed networks, compared to best practice references observed in 2014. 3 Attack scenarios The protection measures impact the effectiveness of various common mobile network attack tools. 3.1 Passive intercept Passive 2G intercept requires two steps: First, all relevant data needs to be intercepted. This step cannot be prevented completely, but aggravated significantly by using less predictable frequency hopping sequences. Play Mobile, Plus, and T-Mobile use such less predictable hopping sequences. In 3G networks, regular totation of the TMSI makes it harder to target a phone for intercept (Update TMSI). Mobile network security report: Poland Page 4

Secondly, the intercepted call and SMS traces need to be decrypted. In 2G networks, this can be prevented by hardening the A5/1 cipher or by upgrading to modern encryption algorithms. Currently, there is no publicly known cryptanalytic attack against the common 3G encryption algorithm, A5/3. All 3G networks in Poland in Poland use this encryption algorithm. Hardening the A5/1 cipher. The A5/1 cipher was developed in 1987 and is still the most common encryption algorithm for 2G calls. First weaknesses of this cipher were discussed in 1994 2, but it took until the mid-2000 s until successfull attacks on 2G were demonstrated publicly. These attacks exploit (partially) known plaintexts of the encrypted GSM messages to derive the encryption key. Consequently, countermeasures need to reduce the number of predictable bits in 2G frames. Nowadays, several generations of passive A5/1 decipher units exist, that attack different parts of the transaction. Early generation boxes attack the Cipher Mode Complete message. T-Mobile generally protects from these boxes. Orange Polska and Play Mobile are fully vulnerable (Require IMEI in CMC). More modern decipher units leverage predictable Null frames. These Null frames contain little to no relevant information and are filled up with a fixed uniform padding, facilitating knownplaintext attacks. Orange Polska, Plus, and T-Mobile are particularly prone to this type of attack. Recently updated intercept boxes further leverage System Information (SI) messages. These messages can be randomized, or not sent at all during encrypted transactions (SI randomization). None of the networks in Poland are protected against this type of attack. Upgrading to modern encryption algorithms. With the introduction of 3G mobile telecommunications technology, the A5/3 cipher was introduced to 2G standards. Only theroretical attacks on this cipher were so far presented publicly, none of which have practical significance. Modern phones can use this cipher for 2G communication, if the network supports it. With passive intercept being prevented, attackers must use active intercept equipment, e.g. fake base stations, as described in Section 3.2. Orange Polska and T-Mobile have begun rolling out A5/3. To intercept subscribers of Orange Polska and T-Mobile in A5/3-enabled areas, attackers will need to use active equipment. In Poland, Orange Polska, Play Mobile, and Plus continue to mostly rely on outdated encryption. 3.2 Active intercept Attacks through fake 2G base stations can be prevented to different degrees, based on what the fake base station is used for: Location finding: In this attack scenario, a phone is lured onto a fake station so that the phone s exact location can be determined. This scenario occurs independent of the phone network and hence cannot be prevented through network protection measures. 2 See https://groups.google.com/forum/#!msg/uk.telecom/tkdcaytoeu4/mroy719hdroj Mobile network security report: Poland Page 5

Outgoing call/sms intercept: A fake base station can proxy outgoing connections. In this attack, connectivity to the real network is not necessarily required, so no protection can be achieved from outside the phone. Encrypted call/sms intercept: Modern fake base stations execute full man-in-the-middle attacks in which connections are maintained with both the phone and the real network. Networks can make such active attacks more difficult with a combination of two measures: First, by not allowing unencrypted calls. Secondly, by decreasing the authentication time given to an attacker to break the encrytion key. This timeout can be as much as 12 seconds according to common standards. The GSM Map database currently lacks reliable data on authentication times in Poland. All 2G networks in Poland use encryption in all 2G call and SMS transactions. All 3G networks in Poland encrypt relevant 3G transactions. However, the GSMmap currently lacks data to decide whether the networks would accept subscriber-originated unencrypted transactions as well. 3.3 Impersonation Mobile identities can (temporarily) be hijacked using specific attack phones. These phones require the authentication key deciphered from one transaction. They use this key to start a subsequent transaction. The obvious way to prevent this attack scenario is by requiring a new key in each transaction (Authenticate calls/sms). In Poland, 2G call impersonation is possible against Orange Polska and Play Mobile. The same is possible for SMS messages from Orange Polska, Play Mobile, and Plus. 3G networks are generally protected against this type of impersonation attacks. 3.4 User tracking Mobile networks are regularly used to track people s whereabouts. Such tracking occurs at two different granularities: Global tracking: Internet-accessible services disclose the general location of GSM customers with granularity typically on a city level. The data is leaked to attackers as part of SMS delivery protocols in form of the MSC address (Mask MSC). Orange Polska, Play Mobile, and T-Mobile suppress MSC information for their customers in Poland. Plus allows MSC-based tracking. In addition, users IMSI s can leak in HLR requests. This is the case for Orange Polska, Play Mobile, and Plus. T-Mobile protects this information. Local tracking: Based on TMSI identifiers, users association with location areas and specific cells can be tracked, providing a finer granularity than MSC-based tracking, but a less fine granularity than location finding with the help of fake base stations. IMSI-based tracking is made more difficult by changing the TMSI in each transaction (Update TMSI). Orange Polska and Play Mobile have implemented this feature. Plus and T-Mobile have Mobile network security report: Poland Page 6

not addressed this threat thoroughly. 4 Conclusion The mobile networks in Poland implement only few of the protection measures observed in other networks. T-Mobile has begun upgrading their network to the more secure A5/3 encryption algorithm. T- Mobile has reached significant A5/3-coverage. T-Mobile is protecting its subscribers particularly well against tracking. The evolution of mobile network attack and defense techniques is meanwhile progressing further: Modern A5/1 deciphering units are harvesting the remaining non-randomized frames and thanks to faster computers are achieving high intercept rates again. The 3GPP, on the other hand, already completed standard extensions to reduce A5/1 attack surface to a minimum. These standards from 2009 are only hesitantly implemented by equipment manufacturers, leaving users exposed to phone intercept risks. The available protection methods even when implemented in full are barely enough to protect users sufficiently. A stronger push for implementing modern protection measures is needed to revert this erosion of mobile network security. Mobile network security report: Poland Page 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information