Hey telco security friends I found something that I haven't seen before so I thought I'd share: 3GPP has a GitLab now, and they publish the 5G API specs here as well as other stuff forge.3gpp.org/rep/explore They also use the great lib pycrate by mitsh (check commits in SA3 LI).

Recently twilio, which provides SMS verification services for Signal, suffered a phishing attack. Via Twilio, attackers may have accessed phone numbers & SMS registration codes for 1,900 Signal users. 1/

🧵Thread🧵 What’s the root cause of the US proxy war in Ukraine? Most people don’t have a clue. Let me explain. It all started after the 2007-2008 financial crisis that originated in the US. The reliability of the US Govt as a partner in global financial affairs was destroyed.

P1 Security Lab is happy to release hermes-dec, an open-source disassembler and decompiler for the React Native Hermes bytecode: labs.p1sec.com/2023/01/09/rel…. We hope this will foster the security research around mobile apps based on this environment. #telecomsecurity #android #ios

Some thoughts on telecom components security evaluation and GSMA NESAS certification: infosec.exchange/@bmitsh/109873…

Serious findings ! The list of critical vulns in the Exynos baseband published in the last Android bulletin is quite long after all: source.android.com/docs/security/…. I guess the Internet-to-baseband vulns relate to IKEv2/IPsec.

Android 14 introduces first-of-its-kind cellular connectivity security features #MobileSecurity #AndroidSecurity by ⁦Google⁩ security.googleblog.com/2023/08/androi…

A year ago we revealed how Italian surveillance company Tykelab was using phone networks in the Pacific for global tracking operations. Our friends at @occrp have an update occrp.org/en/daily/17987…

NEW REPORT: Finding YouThe Network Effect of Telecommunications Vulnerabilities for Location Disclosure 👇 citizenlab.ca/2023/10/findin…

2 recent articles on mobile interconnect (citizenlab.ca/2023/10/findin…) and CDR (wired.com/story/hemisphe…), which show how much subscribers are exposed: good reads.

Opening Critical Infrastructure: The Current State of Open RAN Security trendmicro.com/en_us/research… #InfoSec #CyberSecurity #OpenRAN #Security

“A fix is long overdue for … the technical vulnerabilities at the heart of the world’s mobile communications networks.” profdeibert and Gary Miller from The Citizen Lab on the security deficiencies associated with cell phone “roaming.” lawfaremedia.org/article/when-y…

Excellent document detailing the many location possibilities targeting mobile phones and modems. While the focus here is how handsets are tracked on the battlefield, most of the techniques described are known to be used quite generally, outside of any war context too.

1/11 Today, we’re releasing details of a small but interesting mobile #vulnerability called MMS Fingerprint, reportedly used by #NSOGroup. How this might work, and how we found it, is a bit unusual. enea.com/insights/dusti… Enea AB Joseph Cox Ryan Gallagher Catalin Cimpanu Lorenzo Franceschi-Bicchierai

I recently found two very interesting Linux binaries uploaded to Virustotal. I call this malware 'GTPDOOR'. GTPDOOR is a 'magic/wakeup' packet backdoor that uses a novel C2 transport protocol: GTP (GPRS Tunnelling Protocol), silently listening on the GRX network (1/n) 🧵

As someone learning Erlang / Elixir for telecom applications, this is an interesting read about Ericsson's use (or lack) of the language they created. iknek.github.io/blog/the-erlan…

Together with the paper: enck.org/pubs/bennett-c…. Nice research and results

github.com/erlang/otp/sec…: this hits hard!

Last month with Ryan Gallagher we published an investigation into the shady SMS market and its implications for security. For those who want to go deeper Gabriel Geiger and I have written a more technical briefing medium.com/@lighthouserep…

🚨 Many telco vulns never get CVEs. Vendors delay, ignore, or silently patch. Operators? Left in the dark. At P1 Security, we follow a 180-day disclosure policy—document and publish in our private VKB when silence persists. 🔗 p1sec.com/blog/responsib… #CVE #TelecomSecurity #VKB