Hackfest 2023 - Back to the Future

MITM on PSTN -- novel methods for intercepting phone calls
10-13, 17:30–17:50 (Canada/Eastern), Track #2
Language: English

In this talk the author proposes a novel method for intercepting phone calls over PSTN, including mobile networks.
We'll briefly each discuss the necessary components of the attack, including Caller ID spoofing, SS7, call diverts, and social engineering, and then join the all together to form the novel attack method.


Two separate methods will be proposed.
The author will provide a pre-recorded demo of each attack.

  1. PSTN / MN / CLIP / CNAM
  2. SS7 features and attacks
  3. Relevant social engineering techniques
  4. Attack 1: Simultaneous ring attack
  5. Attack 2: Diversion attack
  6. Tactic 1: Interception of phone calls
  7. Tactic 2: Alteration of phone calls (content)
  8. Tactic 2: Alteration of phone calls (metadata)
  9. Proposed solutions

Note that the presentation includes pre-recorded demos as it's ill-advised to do this live in a conference for legal reasons.


Are you releasing a tool?

No

Kirils Solovjovs is an IT policy activist, bug bounty hunter, and the most visible white-hat hacker in Latvia having discovered and responsibly disclosed or reported multiple security vulnerabilities in information systems of both national and international significance. He has extensive experience in social engineering, penetration testing, network flow analysis, reverse engineering, and the legal dimension.

He has developed the jailbreak tool for Mikrotik RouterOS, as well as created e-Saeima, helping the Latvian Parliament become the first parliament in the world that is prepared for a fully remote legislative process. He has spoken at many amazing conferences including Hack In The Box, Hack in Paris, TyphoonCon, MCH2022, 35C3, CONFidence, BalCCon, Nullcon, and of course Hackfest.

This speaker also appears in: