Skip to main content

Telcos riddled with security holes: #HITB2012KUL Researcher

posted onOctober 16, 2012
by l33tdawg

A security industry veteran has criticised telecommunications equipment vendors for supressing knowledge of vulnerabilities that could result in hundreds of millions of dollars worth of network outages.

In a presentation to Hack In The Box Malaysia (pdf), P1 Security director Philippe Langlois described how a single malformed network packet could disable a carrier's GSM subscriber database.

Hackers could send malformed packets from any network, or femtocells, to crash carriers' Home Location Register server clusters, which store GSM subscriber details as part of the global SS7 network, he explained. Eighty-three percent of telco operators did not apply traffic filtering over the SS7 network, he said. "We were able to remotely crash HLR frontend for two minutes each by sending one malformed packet," Langlois said, citing a 2010 test.

Source

Tags

Security HITB2012KUL

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th