Cathal Mc Daid

(7/x) But all societies will need to have defences in this area. More details in the report - enea.com/insights/rider… . This is a rapid area - within last week the EU & China have both issued reports or guidelines at how telecom operators can detect UAVs. Expect this to continue

(6/x) Ukraine is also grappling how best to deal with the threat. Even yesterday, reports discuss changing SIM card sales and specific data disabling, due to Russian mobile controlled drones being dropped by 'mothership' drones behind Ukrainian lines united24media.com/latest-news/ho…

(1/x) Out this week - our new report: "Mobile Connected UAVs in Conflict” info.enea.com/Riders-on-the-… . This is the first report to cover #mobilenetworks + combat drones. Ukraine's Operation #Spiderweb showed the potential of this connection, but was it a once-off, or a future trend?

The 'wild west' of #SS7 security Surveillance companies are increasingly using clever encoding to try to bypass signaling firewalls — here's new research showing how the latest attack works: enea.com/insights/the-g… @EneaAB @josephfcox @rj_gallagher @campuscodi @lorenzofb

@h51un6 Thanks. I didn't mention LightBasin or the related GTPDoor due to lack of time. GTPDoor in particular, using GTP-C, would have been in scope as part of recent understanding of the deeper 'layers' of core security & attacks Could only fit in so much in 30 minutes & left a lot out!

Hi @mcdaidc Thank you for your presentation at the VB conference, I really appreciate it. I noticed that you didn't mention the Light Basin activity cluster. Didn't you mention it because these attackers go through the GRX instead of attacking the devices?

I'll be explaining how we got here, how attackers and defenders have evolved and the future of securing mobile networks. virusbulletin.com/conference/vb2…

Excited to announce that next week I'll be presenting the fascinating History of Signalling Security—from #SS7 to modern-day 5G challenges! Join me @virusbtn as we dive into the last ten years of many scary headlines but little concrete facts.

Happy to have contributed to this mobile phone security episode with @veritasium. Its a great introduction to #ss7 and its security risks. Plus kudos to @yodresh for his work.

@shashj Different method but same principle of how niche or unusual comms equipment can lead to less security is in Ukraine. Recommendations are to use ordinary phones and SIMs, unusual/different or 'hardened' devices stand out and draw attention info.enea.com/tracking_on_th…

@drogersuk @GunshipGirl You could confirm it if you do manage to talk to this person, and get them to confirm what time/date they got a call from "you" + the spammer may have left a recorded message in that attack. That's if they would talk to you-sadly these attacks reduce the trust in telecom networks

@drogersuk @GunshipGirl What this most likely is, is that a spammer has spoofed your number to ring this 07 number. 07 never answered that call, but sees a missed call coming from the spammer using your number , and decides to ring you "back". 07 ringing you isn't part of the attack, its a side-effect.

⁉️Question for cyber peeps ☎️I had a missed call from an unknown number. Ignored it. They called again. It was an 07 no. so I did answer. They said "hi who is this?" I hung up. 📱Then text me "Who is this, had a missed call from you" Anyone know what kind of scam this is!?

@domi007 @nerfux @adaptivemobile @EneaAB @5G_Security_ Thanks. IPSec helps, but as you know its rarely implemented anyway, and wont solve 100% these cases. You're right the 3GPP security model assumes these links are safe, but we also assumed the same once for SS7 links. So this model doesn't account for supply-chain/internal attacks

@mcdaidc @nerfux @adaptivemobile @EneaAB @5G_Security_ Certainly nice way to inject traffic, but if the attacker is already on the same switch with the gNB then the 3GPP assumed security model is already broken. I still recommend to everybody to use IPsec on the backhaul, could be a savior in such cases.

New #4G/#5G #cybersecurity research released today. @nerfux breaks down #SCTP 'quantum' insertion attacks on telecom networks: enea.com/insights/quant… In the past, mobile network security has focused a lot on edge protection, in the future we will need to look inward as well.

Thanks to @tomwithington and @arm_magazine for featuring our new "Location Tracking on the Battlefield" report. Check out the article in this month's edition!⬇️ armadainternational.com/2024/03/war-in…

12/12 Note this is one *possible* way it could have happened, other methods like a local 3G/4G radio voice interception using Fake Base Stations are possible, but they would require a SS7 link. 2G radio interception may also be possible although more likely to be noticed

11/12 Lastly, while SS7 security has improved greatly since then, some elements of this would have made it more likely to succeed. The targeting of an outbound roamer for example is more likely to succeed that a subscriber at home.

10/12 2nd, Russia has reportedly done this before. This matches the method that Ukraine accused Russia of using in 2014 , as a result by publishing this new recording they would not have been 'burning' any secret hacks. wired.com/2016/04/the-cr… enea.com/insights/russi…