ATTACKING NEXTGEN ROAMING NETWORKS presented at blackhateu 2017

by Daniel Mende, Hendrik Schmidt,

Summary : Weaknesses of SS7 Roaming Networks are well known – but what about the Diameter interfaces coming up at the moment? Diameter is and will be used for roaming connections of LTE/LTE-A mobile networks - a new architecture, and a new implementation. But still, one remains the same: it is a AAA protocol designed for trusted environments - roaming interconnection interfaces between providers. As we know from the past, it is possible to get access to such networks, as you can simply buy access if you spend enough money; as typical attackers in such environments are fraudsters or agencies, they definitely will. Therefore, securing these interface and assessing the infrastructure components and its configuration is very important.In our talk, we will explain not only how Diameter-based networks work and which messages and functions exit, but also which of them can be abused by attackers. Typical attacks are information leaks about the environment, but also attacks against the authentication and encryption of customers. These information can be used for interception of mobile data/calls, but also to establish new business models of fraud.To demonstrate such attacks, we developed a testing framework covering information gathering, mobile phone tracking, denial of service attacks, pay fraud, and interception of data. The framework will be released during our talk and will enable providers and security companies to assess a telco's diameter network configuration and demonstrate what can happen if no proper security measures are applied. We also will give an outlook on how a provider can protect from such kind of attacks.

Daniel Mende: Daniel and Enno are long time network geeks who love to explore network devices & protocols and to break flawed ones.