SIM Tunneling: Achieving High-Speed Travel and Web Traffic Classification
This video explores the use of SIM tunneling to achieve high-speed travel and deep packet inspection for web traffic classification.
00:00:05 This video discusses the use of SIM tunneling to achieve fast communication while traveling abroad and the complexities of roaming services.
π‘ The talk is about decoupling the SIM card from the mobile phone or modem to perform various measurements.
π Roaming in cellular networks can be complex and interesting due to the differences in configurations, hardware, and software between home and visiting networks.
π° International travel and testing in different networks can be expensive and tedious.
00:06:44 Using SIM Tunneling to Travel at Light Speed - Decoupling SIM Cards from Modems to Enable Global Measurements and Exploitations.
π MobileAtlas decouples SIM cards from modems and enables global connectivity.
βοΈ Goals of the project include scalability, automatability, and controlling background noise.
π Challenges faced include adapting the SIM interface and protocol for global usage.
00:13:16 This video discusses the use of SIM tunneling to achieve high-speed travel. It explores the use of Schottky diodes and Linux network spaces in the process. The video also covers traffic metering and the limitations of eSIMs.
π§ The use of SIM tunneling and Schottky diodes simplifies the negotiation of speeds and voltages between the SIM provider and the modem.
π Linux network spaces and binary encoding are used to control background traffic and ensure accurate measurements of data counting.
π² Bluetooth rSAP protocol allows for the connection and sharing of SIM cards between an Android phone and the system.
π SIM tunneling provides an opportunity for carriers to verify services and improve configurations for Voice over LTE roaming.
00:19:53 Learnings from implementing a system: SIM cards can change IMSI, USB device limit is around 20-30. System deployed in Europe and North America. Ethical considerations with software-defined radio usage. Showcase of internet-related measurements and zero-rating abuse.
π SIM cards can update or change their unique identifier (IMSI) over the air for roaming purposes.
βοΈ USB devices have a practical limit of around 20-30 devices due to hardware and driver limitations.
π The system has been deployed to 10 European countries and North America, with some limitations in Canada.
π¬ The use of modems instead of software-defined radios is due to regulatory challenges and safety concerns.
π‘ The platform allows for internet-related measurements, including billing and abuse of zero-rating offers.
00:26:28 This video explores the use of SIM tunneling and deep packet inspection for classification of web traffic, focusing on IP address and hostname-based classification. The study analyzes zero-rating applications and identifies popular ones like WhatsApp and Facebook. Experiments are conducted to detect IP-based and hostname-based classification methods.
π Different metrics are used for traffic classification, including UDP port, IP address, and deep packet inspection.
π The study focused on deep packet inspection and analyzed zero-rating applications like WhatsApp, Snapchat, and Facebook Messenger.
π§ͺ Experiments were conducted to verify web endpoints' zero-rating, detect IP-based and hostname-based classification methods.
00:33:02 Operators use both IP-based and hostname-based classification for zero-rating traffic. Some operators wrongly bill traffic during roaming and when using IPv6 or HTTP3. Exploiting this can allow spoofing of traffic and gaining free internet.
π Operators use both IP-based and hostname-based classification for zero-rating traffic.
βοΈ Attackers can exploit hostname-based classification by faking host data and spoofing SNI in TLS connections.
π Location tracking can be done through ringback tones issued by terminating operators, allowing differentiation between operators.
00:39:37 A presentation on using SIM tunneling to determine call termination and country location, SIM card communication and potential vulnerabilities.
π By analyzing the amplitude and frequency of calls, it is possible to determine the operator and country of the callee.
π± SIM cards can send covert binary SMS messages without the user's knowledge, containing information about the user equipment.
π Roaming is an interesting case where two operators cooperate, and there are ways to exploit it for hiding traffic and locating subscribers.
Want to deep dive into this video?
