Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Network Security IT

Lone Packet Crashes Telco Networks 57

Posted by Soulskill from the sharpshooting-with-information dept.
mask.of.sanity writes "A penetration tester has shown that GSM communications systems can be taken down with a handful of malformed packets. The weakness was in the lack of security around the Home Location Register server clusters which store GSM subscriber details as part of the global SS7 network. A single packet, sent from within any network including femtocells, took down one of the clusters for two minutes."
This discussion has been archived. No new comments can be posted.

Lone Packet Crashes Telco Networks More

Lone Packet Crashes Telco Networks

Comments Filter:

  • Hardly surprising... (Score:3, Informative)

    by jonwil ( 467024 ) on Friday October 12, 2012 @10:15AM (#41630819)

    Cellular standards like GSM and UMTS (no idea about other standards like LTE or CDMA) are not designed to be secure. They are designed to be complex to implement and to use as many pieces of patented technology as possible.

  • Re:Hardly surprising... (Score:4, Informative)

    by Another, completely ( 812244 ) on Friday October 12, 2012 @10:23AM (#41630925)
    They do have security designed in, but it's the hard-outer-shell variety. Doesn't GSM authenticate handsets by having the home register send a challenge along with the appropriate response in a plain-text packet to the cell? The first GSM "attack" I heard about involved connecting your fake phone to a cell, and listening to the microwave channel to hear what response you should send when it sends a challenge. It doesn't sound like a clever design, but I suppose it was trying to reduce communication and memory requirements at the home register?

  • A missing break statement (Score:2, Informative)

    by Anonymous Coward on Friday October 12, 2012 @10:24AM (#41630935)

    A missing break statement was what brought down the eastern phone network in North America about 20 years ago. And the same simple problem seems to happen again.

  • Re:Hardly surprising... (Score:5, Informative)

    by queazocotal ( 915608 ) on Friday October 12, 2012 @10:39AM (#41631183)

    Well, no.

    The barrier to entry for a firefox security hole is really, really low.
    Typically anyone with a computer can do it, with no external equipment.
    In addition, it's typically legal to do. (though that may not stop some).

    Knowledge of how tcp/ip and similar standards work is widespread, and lots of people know this.

    For hacking cell networks, it's a bit different.

    It's basically a completely different set of protocol stacks unrelated to tcp/ip - so you have to learn a whole bunch to even attempt it.
    You need a few thousand dollars (this may have come down slightly) of specialised equipment to do the attack.
    You are doing something that is often illegal, or of dubious legality at best.

    All of these combine to make the pool of attackers orders of magnitude smaller.

  • Re:Hardly surprising... (Score:3, Informative)

    by geekoid ( 135745 ) <dadinportland&yahoo,com> on Friday October 12, 2012 @11:03AM (#41631475) Homepage Journal

    Security through obscurity is a perfectly fine layer of security.

Slashdot Top Deals

The moon is made of green cheese. -- John Heywood

Close