BACK TO SPEAKERS
Vladimir Wolstencroft
Twilio
Vladimir is a senior product security engineer and security researcher working with Twilio across a large selection of technologies and systems.

These range from critical infrastructure elements to enterprise web architectures, mobile SDKs and APIs. With more than 6 years experience in the info-sec field and 4 years working as an engineer, Vladimir can propose perspectives based on attacker mindsets as well as introduce viable defensive methodologies that can work across all sizes of organization, from critical infrastructure operators, vendors, government agencies and smaller businesses.

Vladimir was previously a senior consultant, researcher and head of training at P1 Security, specializing in telecom architectures and network elements. In this role he delivered technical training and consulting services to Mobile Network operators (MNOs) and government agencies all over the world including in the Middle East, Africa, North America, Europe and Asia. These were focused in 2G/3G/4G networks, network elements and vendor vulnerabilities as well as attack scenarios and mitigations. Vladimir has also previously delivered technical training sessions and presentations at TROOPERS, Hack In The Box, RECON Montreal, DayCon, H2HC Brazil, ISANZ NZ, NZITF, BSIDES Denver, RMISC and others. Vladimir also gained the the GSMA Hall of of fame award for his research contributions to the mobile industry.

Exploiting the Exploiters: Hunting Fraud in Telecom Networks


Lurking underneath our increasingly mobile-connected world is a growing fraud problem -- one which exposes user data to security and privacy risks. Interconnect bypass fraud has been an issue within telecom networks ever since mobile phones were allowed to roam between countries. GSM Gateways, also known as "simboxes," are one of the primary keys for criminals to unlock the ability to conduct fraud on these networks.

In this talk, we'll explore how carriers and aggregators globally send your SMS and voice traffic through these IoT-based devices, which are not subject to any of the security or privacy requirements of critical infrastructure. However, these devices still handle our critical data -- both offering a profit opportunity for fraudsters as well as creating a privacy nightmare for mobile subscribers.

Then, we'll delve into the defensive devices dedicated to heuristic measurements, detection, and destruction of GSM gateways, and the retaliatory countermeasures employed to avoid detection, simulate real subscriber behavior, and outsmart the mobile network operators.
Next, we'll explore multiple GSM Gateway vendors and the equipment they provide for legitimate -- sometimes less-than-legitimate -- purposes. We'll examine how these systems operate and what actual security controls they provide for our voice and signaling data. While we expect stringent controls when data flows through network operators, can we hold the same expectation for these network elements operated in someone’s basement?

Finally, I will propose new techniques to detect, map, and disable these devices remotely, as well as track the operators of these systems -- without the pitfalls of relying on heuristic measurements. With these methods, we can begin disrupting the $6b in fraudulent revenue running on the backs of flawed and vulnerable devices.