Slashdot Mirror


Lone Packet Crashes Telco Networks

mask.of.sanity writes "A penetration tester has shown that GSM communications systems can be taken down with a handful of malformed packets. The weakness was in the lack of security around the Home Location Register server clusters which store GSM subscriber details as part of the global SS7 network. A single packet, sent from within any network including femtocells, took down one of the clusters for two minutes."

10 of 57 comments

  1. Re:Hardly surprising... by Severus Snape · · Score: 5, Insightful

    You surely can't be that naive and must be trolling. GSM masts are critical pieces of infrastructure in mobile telecoms and it's in every stakeholder's interest that they are secure and reliable. It's security researchers' jobs to find these holes; if they were so poorly designed we'd see stories like this every day.

  2. The RF portion of the standards is well designed by exabrial · · Score: 4, Interesting

    The RF portion of the standards is well designed (take LTE with orthogonal multiplexing for example). However, the systems and switching part is waaay too complex. Telco providers are buried under mountains of technical debt... Even the systems part of LTE is complex: the American implementations from Sprint and Verizon are not compatible because they cherry-picked what parts they felt like implementing.

  3. Re:Hardly surprising... by queazocotal · · Score: 4, Informative

    Well, no.

    The barrier to entry for a Firefox security hole is really, really low.
    Typically anyone with a computer can do it, with no external equipment.
    In addition, it's typically legal to do. (though that may not stop some).

    Knowledge of how tcp/ip and similar standards work is widespread, and lots of people know this.

    For hacking cell networks, it's a bit different.

    It's basically a completely different set of protocol stacks unrelated to tcp/ip - so you have to learn a whole bunch to even attempt it.
    You need a few thousand dollars (this may have come down slightly) of specialised equipment to do the attack.
    You are doing something that is often illegal, or of dubious legality at best.

    All of these combine to make the pool of attackers orders of magnitude smaller.

  4. Re:Hardly surprising... by Gerald · · Score: 4, Interesting

    The barrier for GSM is getting lower every day so it wouldn't surprise me if bugs like this start showing up more often.

  5. Re:Hardly surprising... by Megane · · Score: 4, Insightful

    It's basically a completely different set of protocol stacks unrelated to tcp/ip - so you have to learn a whole bunch to even attempt it. You need a few thousand dollars (this may have come down slightly) of specialised equipment to do the attack. You are doing something that is often illegal, or of dubious legality at best.

    What you are talking about is security through obscurity, which is of dubious security at best.

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  6. Re:Hardly surprising... by grcumb · · Score: 4, Insightful

    "Security through obscurity is a perfectly fine extra layer of security."

    FTFY

    In other words: If you're relying on obscurity, you're doing it wrong.

    --
    Crumb's Corollary: Never bring a knife to a bun fight.
  7. Sometimes you don't even need a malformed packet by Anonymous Coward · · Score: 4, Interesting

    When I was testing a broadband access server at my first job, I saw a case where a ping with an explicitly specified packet size of 0 caused a divByZeroException on the receiving end. I couldn't resist reporting this bug in person to see the reaction on the developer's face. It was priceless. =)
    Someone else had also found a TFTP packet of death: when broadcast, all boxes under test crashed.
    Now when you factor in maliciously malformed packets, it doesn't surprise me these things happen at all.

  8. Re:Hardly surprising... by camperdave · · Score: 4, Interesting

    Security is a presentation layer issue. SMTP, HTTP and TCP are not session layer protocols, and have no business worrying about security.

    --
    When our name is on the back of your car, we're behind you all the way!
  9. Re:Hardly surprising... by queazocotal · · Score: 4, Interesting

    In essentially all Android and other phones, the 'modem' runs on a separate processor, running its own OS, signed.
    'Owning' the base Android phone does nothing.
    You need to separately crack the modem. (Unlocking is not cracking.)
    The modem in most phones is basically a Hayes-compatible modem, with a weird interface soldered onto the board.
    The only interface the Android side has to it is 'AT' commands.
    It can't inject raw packets, or ...

  10. Re:Hardly surprising... by DarkOx · · Score: 4, Insightful

    Well, yes and no. Authentication, Confidentiality, and forms of integrity are session or higher layer problems. Availability is also a key component of security. You can't tell me issues like ye olde LAND attack, teardrop, ping of death, negative sequence numbers etc. don't cause Availability problems, and they are decidedly network and transport layer. If I can cut your wire or jam your airwaves, that's a physical layer issue.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html