RE: Questions on GSM Penetration test

From: Lubomir.Nistor@star-21.de
Date: 01/25/02 

Date: Fri, 25 Jan 2002 10:32:52 +0100
From: <Lubomir.Nistor@star-21.de>
To: <ricci@smartonebroadband.com>, <pen-test@securityfocus.com>

I really doubt that there is any company like this.. as not many people on this planet know how exactly GSM network works, and those people are building it..

Penetration test of GSM net should be done as a normal pen-test, but I suppose insider attack is where can be done a lot.
outside attacks have to do something with radio engineering and basestation-phone communication (DoS, wiretaping, ..)

inside attacks are more interesting, as you can access devices via IP :) no radio :)
and do some serious (mis)configuration.

Although I haven't done any GSM pentests, but i know some radio networks basics...

Lubo

PS: if anybody got some docs about how GSM radio communication works pls send me a copy (not general descr, but specific protocol descr, fields descr, timing etc..)
PS2: sources of firmware helps as well..

-----Original Message-----
From: ricci_ieong [mailto:ricci_ieong@yahoo.com]
Sent: Donnerstag, 24. Januar 2002 04:10
To: pen-test@securityfocus.com
Subject: Questions on GSM Penetration test

Hello All,

        I would like to know if there is any company offering penetration test
services onto GSM network not the IP network. How to perform that type of
test? Which company can offer that service?

        Thanks.

Ricci

_________________________________________________________

Do You Yahoo!?

Get your free @yahoo.com address at http://mail.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Questions on GSM Penetration test
    ... services onto GSM network not the IP network. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • RE: Questions on GSM Penetration test
    ... The pentest of a GSM network does involve "normal" security work (e.g. ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: What the FUCK???
    ... It's too bad VZW ... isn't GSM that way people would have the best GSM network here in the US and ... > can't speak for other places, but here, Verizon is THE best. ...
    (alt.cellular.verizon)
  • re: [Full-Disclosure] Insecurity in Finnish parlament (computers)
    ... The encryption/decryption is not done in base stations, ... But they are still not the same thing, but two different components of the GSM network. ... Talking about insecurity of Finnish parlament and TeliaSonera:s GSM, take a look at these latest issues about TeliaSonera having no idea about security whatsoever. ...
    (Full-Disclosure)
  • Re: using American Palm Treo 600 with O2 sim card
    ... If the phone is CDMA then you defnitely won't be able to use it with O2 or ... any other GSM network. ... Hmm...in that case then the phone is definitely GSM and most likely ... Peter <X-Files fan> ...
    (uk.telecom.mobile)