day 8

Question 1

2G systems

Answer 1

GSM and CDMA

2G connections accounted for around 60 percent at the end of 2014

Question 2

2.5G

Answer 2

low-speed packet data delivery system

Question 3

3g

Answer 3

high speed broadband packet system

Question 4

3rd generation partnership project (3GPP)

Answer 4

LTE and LTE advanced

Question 5

3rd generation partnership project 2 (3GPP2)

Answer 5

IS-95 technologies commonly known as CDMA

Question 6

GSM system

Answer 6

subscriber BTS

(BSS)

Question 7

AIR interface (Um)

Answer 7

the air interface is a full-duplex link formed by two simplex radio channels

Question 8

Base Station Subsystem (BSS)

Answer 8

contains the BTS

Question 9

spoof caller ID numbers

Answer 9

many cellular voicemail systems can be assessed using this technique

Question 10

A5 family of encryption algorithms

Answer 10

A5/0: no encryption
A5/1: first encryption
A5/2: weakened encryption
A5/3: replacement for A5/1
A5/4: A5/3 but with a 128-bit key

Question 11

more on A5/1

Answer 11

in 2009, 40 rainbow tables totalling two terabytes were published on the internet.

GSM voice calls and SMS/MMS messages can be decrypted.

Question 12

International Mobile Subscriber Identity (IMSI)

Answer 12

a unique identifier to a mobile subscriber.

the IMSI is stored on the Subscriber Identity Module (SIM) card

Question 13

rogue BTS

Answer 13

because of the lack of mutual authenticaiton in GSM networks, a mobile device could be lured to connect to an attackers’ rogue BTS being run from a laptop.

Question 14

femtocells

Answer 14

femtocells are small devices provided by mobile network operators that implement a complete GSM, CDMA, or LTE protocol stack

there have been at least two publicly known femtocell hacks

Question 15

Unlicensed Mobile Access (UMA)

Answer 15

UMA allows mobile carriers to use 802.11 networks to replace the UM Air interface to connect mobile devices to the Network Switching Subsystem

Question 16

WiFi calling attacks

Answer 16

an attacker operating in-line with the communicaitons flow, perhaps through use of ARP cache poisoning or operating as a rogue AP, could capture all information needed to be able to record all incoming/outgoing calls and texts

Question 17

Signalling System 7 (SS7)

Answer 17

a suite of telephony protocols developed in the mid-1970’s to set up and tear down most calls on the PSTN worldwide

Question 18

SS7 attacks

Answer 18

by injecting the appropriate SS7 messages, an attacker can perform call interception, reroute calling, intercept SMS messages, device location and tracking, commit financial fraud, or perform a denial of service

Question 19

4G LTE functionality

Answer 19

essentially all of the services-calling, data, control plane, messaging- are standardized onto a single unified backbone. That backbone is IPv4 and will soon be IPV6

Question 20

4G LTE security

Answer 20

earlier 3GPP systems were limited to a handful of algorithms, which could not be easily replaced without significant changes to the network infrastructure and mobile devices

Question 21

more on 4G LTE

Answer 21

to date, there have been no significant open source exploits in the over the air LTE network technology leading to eavesdropping or spoofing, allowing consumers to use this technology with some confidence