Cathal Mc Daid

328 posts

@mcdaidc

Science, Security, Sports.

Joined October 2013
48 Following, 751 Followers
Cathal Mc Daid@mcdaidc·
@citizenlab Extra/ One clarification, the Unknown TON / Mexico City prefix is irrelevant as in this Simjacker version the exfiltrating data message goes to a specific, exfiltration SMSC GT. However this same TON and number was probably re-used from the more common handset generated attacks.
Cathal Mc Daid@mcdaidc·
@citizenlab 3/ I can answer one speculation you had on the exfiltration number, you say this appears as Brazilian, but it's not, its TON is set to unknown (0x81). It's actually a Mexico City number, used by both landline and mobile. The Mexican network routes it like a national number
The Citizen Lab@citizenlab·
🚨New research reveals how two sophisticated surveillance actors exploited the global telecom ecosystem and, for the first time, directly links combined 3G and 4G network attacks to mobile operator infrastructure. Full report 👇 citizenlab.ca/research/uncov…
Cathal Mc Daid@mcdaidc·
@citizenlab 5/ We have seen incidents where this message has been sent to targets which didn't have the S@T browser present. So keep in mind it's possible this is part of a set burst to try multiple methods to obtain location information. Otherwise, good job on the Simjacker/S@T decode!
Cathal Mc Daid@mcdaidc·
@citizenlab 4/ Lastly, there is a question whether the use of the Simjacker vulnerability in this case would have actually worked. Most operators don't have SIM cards with the S@T Browser library deployed, and the landscape has changed further since the original research.
Cathal Mc Daid@mcdaidc·
(7/x) But all societies will need to have defences in this area. More details in the report - enea.com/insights/rider… . This is a rapid area - within the last week the EU & China have both issued reports or guidelines on how telecom operators can detect UAVs. Expect this to continue
Cathal Mc Daid@mcdaidc·
(6/x) Ukraine is also grappling with how best to deal with the threat. Even yesterday, reports discuss changing SIM card sales and specific data disabling, due to Russian mobile controlled drones being dropped by 'mothership' drones behind Ukrainian lines united24media.com/latest-news/ho…
Cathal Mc Daid@mcdaidc·
@h51un6 Thanks. I didn't mention LightBasin or the related GTPDoor due to lack of time. GTPDoor in particular, using GTP-C, would have been in scope as part of recent understanding of the deeper 'layers' of core security & attacks. Could only fit in so much in 30 minutes & left a lot out!
h51un6@h51un6·
Hi @mcdaidc Thank you for your presentation at the VB conference, I really appreciate it. I noticed that you didn't mention the Light Basin activity cluster. Didn't you mention it because these attackers go through the GRX instead of attacking the devices?
Cathal Mc Daid@mcdaidc·
Excited to announce that next week I'll be presenting the fascinating History of Signalling Security—from #SS7 to modern-day 5G challenges! Join me @virusbtn as we dive into the last ten years of many scary headlines but little concrete facts.
Cathal Mc Daid@mcdaidc·
@shashj Different method but same principle of how niche or unusual comms equipment can lead to less security is in Ukraine. Recommendations are to use ordinary phones and SIMs, unusual/different or 'hardened' devices stand out and draw attention info.enea.com/tracking_on_th…
Cathal Mc Daid@mcdaidc·
@drogersuk @GunshipGirl You could confirm it if you do manage to talk to this person, and get them to confirm what time/date they got a call from "you" + the spammer may have left a recorded message in that attack. That's if they would talk to you - sadly these attacks reduce the trust in telecom networks
Cathal Mc Daid@mcdaidc·
@drogersuk @GunshipGirl What this most likely is, is that a spammer has spoofed your number to ring this 07 number. 07 never answered that call, but sees a missed call coming from the spammer using your number, and decides to ring you "back". 07 ringing you isn't part of the attack, it's a side-effect.
Beth Maundrill@GunshipGirl·
⁉️Question for cyber peeps ☎️I had a missed call from an unknown number. Ignored it. They called again. It was an 07 no. so I did answer. They said "hi who is this?" I hung up. 📱Then text me "Who is this, had a missed call from you" Anyone know what kind of scam this is!?