Maybe me. So its like this: How can SS7 works on GSM? And even can used to intercept SMS Massages? Thanks in advance

I want to work on private gsm network at home please guide me

@@geekyrajnish I think for private gsm network, you're going to need lots of expensive equipment, and to have a licence to use certain frequency bands.

@@semplar2007 i need full guide please i will do everything for it

@@geekyrajnish I'm not a mobile network specialist, but googling gave me this document (2nd result): www.gsma.com/spectrum/wp-content/uploads/2016/11/spec_best_practice_ENG.pdf In there on page#33 you can see prices for reserving frequency bands in African countries (for example): from $16 to $67 MILLIONS of dollars per 10Mhz band. Idk what time ranges. In my country (Ukraine) auction prices are similar, $15 millions per 10Mhz band.

Lukasz Racinowski context details?

Some countries already started to phase out either G2 or G3, but not both, yet.

@@Hauketal any network whose communication depends on a centralised server is outdated in my opinion. So, moving from 2G to 4G is hardly an upgrade (if we ignore the speed benefits of the latter).

TCP/IP was designed at the begin of the 80s, SS7 (which is still the basis of carrier communication and horribly vulnerable) was designed in the midst of the 70s. GSM for carrier - end point communication was designed in the midst of the 80s so slightly later than "classical" TCP/IP and it is (partly because of that) also more secure, at least they introduced some encryption like (the intentionally weakened) A5/1 and the even worse A5/2.

@@frankschneider6156 for sure, in the sense 2G is actually more advanced than 4G

Same thing happened to me, lol.

nikidino8 same

Same here

nikidino8 same

You mean unlisted

bad idea

*+TheKinGG0ld* That’s actually one of the sources of location data used by smartphones in order to improve location accuracy.

I meant, an app that use just this method to point you in the map when you have no data mobile available. Based on a database.

Afaik it might try base stations in the area and then give up. And then you get the voicemail on the other sode

A page request is initiated by a subsystem that manages many base stations like an MME for LTE or MSC/BSC for 2G/3G technology. These base stations (BS) are all grouped into multiple smaller areas and the managing subsystem only knows the last area you were registered to. Like maybe an area covering an airport before you take a flight. Like LiveOverflow mentioned, the BS's that belong to that area are sent the paging request and it's broadcasted by all the BS's. If your mobile device does not respond, your location will be set to unknown and a core component will track all missed calls and failed messages until it knows where you are again. When you finally land, your UE will find a new BS to camp on, the location register will be updated, and the core will begin forwarding all missed page requests so you get notified of your missed calls and get bombarded with text messages. Huge fan of your videos LiveOverflow. I was so excited when I saw you were covering mobile technology and I vaguely remember some weaknesses in GSM's encryption algorithm so can't wait to see more.

AFAIK, you can sniff and break GSM encryption with an RTL-SDR dongle and some software. Encryption is not that great.

@@MadushanNishantha when you are turning off your MS, it sends "IMSI deatached" to MSC/HLR by sdcch channel. So if someone calls you when your MS is turned off - GSM system doesn't even try to send paging, knowing that you are "offline"

This is when a divert could kick in, if the paging response is not answered the the network updates the with No Response, then if you have a divert configured then that will be actioned. If it was to the carrier voicemail then a network waiting indicator will be sent to you device and will wait to be received, shortly after the device location updates and receives the MWI the device will flag to the user a message is waiting. Should you just pull the battery, then no last gasp will be sent to the network and the network will try to page until no response. This is for GSM or DCS1800 of course. Diverts can be network or user set and each has its own priority such as user overrule networks divert.

Next on ScreenRant* FTFY

It's easier than you might think :) Search youtube for "Wiretapping the Secret Service can be easy and fun". The guy listened to FBI and Secret Service calls using man-in-the-middle approach. He created fake business record on Google using his phone. People searched for FBI office, they found number and called it. Guy's phone called real phone number and recorded everything.

Hey Have some respect, that was his grandpa's potato

FBI, CIA, KFC, PBS...

Great!! There goes our potato chips and Freedom fries

Isso

Möwe *best *Uploader

@@ko-Daegu what do you mean?

Exactly!

Sim cloning is possible , but you need to crack the secret key in sim card

Infact , if you have that key , you don't need a sim

This is supported in LTE. I'm not sure if this also happens in GSM.

It is specified in GSM 04.08 3.1.5, it compares service request message sent and response to determine whether ue is the rightful for the channel. Similar to LTE msg 4 contains MAC CRI (which is the sent RRC Connection Request) along with RRC Connection Setup.

Offtopic, your favourite pokemon is Articuno?

pakyu

Multiple devices use the same frequency thanks to TDMA. So that already is not so easy. And then usually there is also crypto.

No, SMS and phone calls are encrypted. Typically using A5/1 or A5/3. (I don't think anyone uses the intentionally vulnerable A5/2 anymore.) Some countries might usr A5/0 (no encryption). For phone calls you also need to be able to handle channel hopping so you need a HackRF or better, or multiple RTL-SDRs.

A5/1 is stronger than A5/2 but can also be easily broken using lookup tables, so in practice there is no difference if using A5/1 or A5/2. Both are insecure.

TheImpetuousDanny I don't know much about this, but from other comments I have seen it seems like there is encryption used in connections. Apparently there are a few types, with older versions having issues with security (they weren't very good). The types I noticed referenced were "A5/1", "A5/2" and "A5/3". A guy in a comment above said the first two weren't good but (I'm quoting this part) "A5/3 isn't that bad."