
Telecommunication Network Hacking And Security


Hacking does not only mean defacing a website or stealing someone's confidential information. You have heard many times about computer network security, or just computer security, but what about telecommunication security, or telecommunication network security? There are many articles on computer security, but this time I have decided to write on telecommunication network security.



Telecommunication is a broad field containing different areas such as optical fiber networks, mobile and wireless networks, satellite networks, etc. Here we consider wireless networks, specifically the GSM network. GSM, or Global System for Mobile Communications, is a 2G network, but when it provides the GPRS (data) service it can be called a 2.5G network.

The 1G network, AMPS, had many vulnerabilities such as eavesdropping and handset cloning because it worked in the analog domain, while 2G networks work in a digital environment and use various encryption algorithms to protect the data.

It is good practice to first describe the basic architecture of a GSM network so that you can easily understand the security holes. Consider the basic diagram; its legend is as follows.



  • SIM  Subscriber Identity Module
  • MS   Mobile Station
  • BTS  Base Transceiver Station
  • BSC  Base Station Controller
  • MSC  Mobile services Switching Center
  • HLR  Home Location Register
  • VLR  Visitor Location Register
  • EIR  Equipment Identity Register
  • AC   Authentication Center
  • PSTN Public Switched Telephone Network
  • ISDN Integrated Services Digital Network


Just like a computer network, the GSM network uses an authentication process to allow a SIM (user) to enter the network. Assume there are four operators providing GSM service and you have purchased a connection from one of them. This does not mean your mobile phone cannot detect the signals of the other three networks: your phone can receive the signals of all four operators, but it can only connect to the network matching its SIM, because the network identifies its user by the SIM.

Understand The Phenomena Of Authentication In GSM

The SIM (Subscriber Identity Module) is a small smart card containing both programs and data. The SIM holds a temporary cipher key for encryption, a Temporary Mobile Subscriber Identity (TMSI) and an International Mobile Subscriber Identity (IMSI). It also holds a PIN (Personal Identification Number) and a PUK (PIN Unblocking Key).

The SIM stores a 128-bit authentication key provided by the service provider. The IMSI is a unique 15-digit number that has three parts:
  • Mobile Country Code (MCC)
  • Mobile Network Code(MNC)
  • Mobile Subscriber Identity (MSIN)
Now you have seen the importance of the IMSI: if you have another user's IMSI, you can identify yourself on the network with that user's identity (which is dangerous).
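The following is an added example (mine, not the author's) showing how the network checks an identity claim: the HLR/AC looks up the Ki behind the claimed IMSI, sends a random challenge, and accepts only if the SIM's response matches. Assumptions: HMAC-SHA256 stands in for the operator's secret A3/A8 functions, the IMSI and Ki are constructed sample values, and a 3-digit MNC is assumed by default.

```python
import hashlib
import hmac
import secrets

# Constructed sample subscriber: a made-up IMSI and a made-up 128-bit Ki.
SAMPLE_IMSI = "310150123456789"  # MCC 310, MNC 150, MSIN 123456789
SAMPLE_KI = bytes.fromhex("00112233445566778899aabbccddeeff")


def split_imsi(imsi, mnc_len=3):
    """Split a 15-digit IMSI into MCC (3 digits), MNC (2 or 3 digits, 3 assumed
    by default) and the remaining MSIN digits."""
    if len(imsi) != 15 or not imsi.isdigit():
        raise ValueError("IMSI must be exactly 15 decimal digits")
    if mnc_len not in (2, 3):
        raise ValueError("MNC length must be 2 or 3")
    return {"mcc": imsi[:3], "mnc": imsi[3:3 + mnc_len], "msin": imsi[3 + mnc_len:]}


def a3_a8(ki, rand):
    """Stand-in for the operator's secret A3/A8 (assumption: HMAC-SHA256).
    Returns (SRES, Kc): a 32-bit response and a 64-bit air-interface cipher key.
    Both depend on Ki, which never leaves the SIM or the Authentication Center."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


def make_sim(ki):
    """A SIM that answers challenges with its own Ki and never reveals it."""
    return lambda rand: a3_a8(ki, rand)[0]


def network_challenge(ac_keys, imsi, sim_respond):
    """One authentication round from the network side. ac_keys maps IMSI -> Ki
    as held by the HLR/AC; sim_respond takes RAND and returns the SIM's SRES.
    Returns (accepted, Kc)."""
    ki = ac_keys.get(imsi)
    if ki is None:
        return False, None  # unknown subscriber
    rand = secrets.token_bytes(16)  # fresh 128-bit challenge each time
    expected_sres, kc = a3_a8(ki, rand)
    if not hmac.compare_digest(sim_respond(rand), expected_sres):
        return False, None  # claimed IMSI, but no matching Ki: rejected
    return True, kc  # Kc now keys the A5 cipher on the Um interface
```

Knowing an IMSI lets a handset claim an identity, but the claim only passes this check when the SIM also holds the matching Ki; the returned Kc is the temporary cipher key mentioned above.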

But is authentication the only way to break into a GSM network? The answer is no.
The air interface, i.e. the Um interface between the handset and the BTS, is encrypted with the A5 algorithm, but the links from BTS to BSC and from BSC to MSC are usually not encrypted. They normally run over microwave links, or in some cases optical fiber, depending on the geographical area. GSM defines no standard to protect these links against sniffing, so if someone starts sniffing on that link there is nothing in the standard to stop them. Now you can understand the main hole in the GSM network.



About The Author:

This guest post has been written by Irfan Shakeel. Irfan is a telecommunication engineer and an IT security geek. Irfan has written many articles for different blogs and currently runs a blog related to ethical hacking and penetration testing.


5 comments :

Anonymous said...

incomplete

Roshan on June 17, 2011 at 1:28 AM said...

Bro, GPRS works on the 2G network, and 2.5G means EDGE, which is faster than GPRS. Newer mobiles support both GPRS and EDGE; you also see the G and E symbols on your mobile. 3G is launched in India.
Nice article.

egyhacks on June 17, 2011 at 3:15 AM said...

another unique article :)

Anonymous said...

Your information is wrong. Between the BSC and MSC there are transcoders used which encode the data further to avoid any kind of hacks.

sagar said...

I liked it but it is incomplete
