lecture: Reversing HLR, HSS and SPR: rooting the heart of the Network and Mobile cores from Huawei to Ericsson
The HLR was the holy grail. We've shown previously how we could crash it
(SCCP and MAP fuzzing) or root it (OAM and proprietary protocols
vulnerabilities). This critical infrastructure component has mutated
into HSS and then into the Subscriber Profile Registry. It's now an
all-encompassing database, access from LTE as well as from 2G and 3G
legacy networks, as well now as a fixed network database.
We will see how all these database can be reversed and which kind of
vulnerabilities can be found and exploited into these software. These
also apply to many other critical equipment such as GGSN, (e)NodeB, STP,
We will also see how now concentration of network software at these
manufacturers can enable with one single reverse or vulnerability to
target many different equipments such as WASN, LTE SAE PDN GW, GGSN.
Start time: 16:00