Tonight we had the visit of Karsten Nohl from teh German company: Security Research Labs. He presented his work, some of his latest research on a few security issues with mobile communications.
Karsten informed us on the SS7 protocol which is an exchange protocol that all mobile communication providers are using to talk to each other and to allow things that we take for granted such as roaming services, exchanging SMS, and so on. He showed us that his team research concluded that this protocol which is the base of modern communication has been implemented with some very curious functionality. One in particular, with a 1 line command you can get the geo-location of any phone in the world from any where. The SS7 is implemented with all its functions and no one is really paying attention to the reach of the information it can provide to anyone connected to it. You have even some companies that sell you access to that services on a monthly basis and from there you could track, receive their SMS, from anyone in the world as long as you have their mobile number.
He also presented software that collects and analyzes mobile radio signal to alert you of your mobile network security. It warns you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates. The data collected with the application is uploaded to a GSM Security Map.
The software is: Snoop Snitch
The GSM Map can be found here and from it you can find the quality of the mobile communication in the country you stay or you visit allowing you to choose (when possible) a more secure provider.
