I am currently reading TR 33.821 of 3GPP (here: http://www.tech-invite.com/3m33/tinv-3gpp-33-821.html)
Chapter 5.1.4 “Forced handover to legacy RAT” describes the forced handover attack to legacy systems like GSM:
“An attacker with the ability to generate RRC signalling—that is, any of the forms of compromise listed above—can initiate a reconfiguration procedure with the UE, directing it to a cell or network chosen by the attacker. This could function as a denial of service (if the target network cannot or will not offer the UE service) or to allow a chosen network to “capture” UEs.”
I am reading their countermeasure and I just do not understand what they mean by this:
“In order to counter the forced handover attack in the described way, an architectural decision must be made that allows a UE to utilize (NAS, UP) security over legacy RATs. This means that the NE that terminate the respective security associations must be above the interworking point with legacy RAT. Figure 3 does not assign these security anchors and the interworking point to the LTE RAN or to the SAE CN, because discussion on their assignment is still ongoing in SA2.”
Could someone explain this countermeasure to me?