I've learned more about how to efficiently seat people in an auditorium than I ever needed to know.
But on a serious note, conference organizers should pay close attention to how CCC does stuff and replicate it. The pre-talk on-screen information is amazing and useful.
The streaming setup is world class, they have a freaking DECT setup for live translation inside the hall, and the NOC is second to none. I'm very jealous of those attending.
All TDM and Sigtran signaling links of the world-wide SS7 network are configured manually, peer-to-peer. The signaling traffic, including SMS texts, travels mostly unencrypted. Hence it's next to impossible to get a real SS7 pcap log (it requires an NDA), let alone access to the SS7 network, unless you work with a network operator.
Fortunately for Verizon customers, the company has since issued a patch to all affected femtocells. Sprint currently offers a femtocell that is similar to the vulnerable models from Verizon, but the company has said it plans to discontinue the device. And while AT&T also offers femtocells, it requires an extra level of authentication that makes much of the iSEC Partners' findings irrelevant. Still, says Ritter, the femtocell vulnerability is a major problem.
And Ritter suggests that all carriers that offer femtocells require owners to provide a list of approved devices that are allowed to connect to their femtocell, and also prevent customers' cell phones from connecting to any unauthorized femtocell.
The Verizon vuln referenced above seems to have nothing to do with SS7. The femtocell is rooted, and only cell phones in close proximity are vulnerable. I thought the presentation in Hannover deals with a much broader issue. And yes, a femtocell may potentially be a gateway to the remote hacking of the MSC, HLR, etc. Unfortunately I have not seen the presentation, so I can't be sure what it's about.
I finally found a way to watch the presentation (BTW it's good), and the author mentions femtocell hacking as "if you hack femtocells you _may_ have a chance to have access to SS7", or something like that, i.e. very uncertain. He emphasizes a different method -- getting a "global title". That's what I meant in my original comment -- you have to join the telco club, and that is not trivial.
The traditional way of dealing with this, from a computer crime perspective, is to bribe a few officials in a third-world country, buy one base station, and become a mobile operator there.
Tobias Engel demonstrates (amongst other things):
* How to find out the phone numbers of nearby cellphones
* How to track the location of any cellphone worldwide when you only know its phone number
* How to intercept outgoing calls of nearby cellphones (to record and/or re-route them to a different number)