@mcdaidc profile picture
Cathal Mc Daid @mcdaidc

Science, Security, Sports.

Joined October 2013
  • Tweets 328
  • Following 48
  • Followers 751
100 Photos and videos
(1/x) Out this week - our new report: "Mobile Connected UAVs in Conflict” info.enea.com/Riders-on-the-… . This is the first report to cover #mobilenetworks combat drones. Ukraine's Operation #Spiderweb showed the potential of this connection, but was it a once-off, or a future trend?
1
1
4
666
more replies
(6/x) Ukraine is also grappling how best to deal with the threat. Even yesterday, reports discuss changing SIM card sales and specific data disabling, due to Russian mobile controlled drones being dropped by 'mothership' drones behind Ukrainian lines united24media.com/latest-new…

How Russia’s “Mother Drones” Are Forcing New Surveillance Laws in Ukraine

Ukraine weighs passport-only SIM sales after reports Russia uses Ukrainian LTE to guide long-range mother drones launching FPVs into rear areas.

united24media.com
1
1
71
(7/x) But all societies will need to have defences in this area. More details in the report - enea.com/insights/riders-on-… . This is a rapid area - within last week the EU & China have both issued reports or guidelines at how telecom operators can detect UAVs. Expect this to continue

Riders on the Cellular Storm - Mobile Connected Unmanned Aerial Vehicles in Conflict

Read Enea's Research Paper, exploring defensive countermeasures for mobile-network enabled combat drones (Unmanned Aerial Vehicles).

enea.com
1
64
Cathal Mc Daid@mcdaidc
16 Jul 2025
The 'wild west' of #SS7 security Surveillance companies are increasingly using clever encoding to try to bypass signaling firewalls — here's new research showing how the latest attack works: enea.com/insights/the-good-t… @EneaAB @josephfcox @rj_gallagher @campuscodi @lorenzofb

The Good, the Bad, and the Encoding: An SS7 Bypass Attack

Introducing a novel SS7 bypass attack technique uncovered by Enea's team of threat intelligence experts. Read all about it in this blog.

enea.com
3
206
Excited to announce that next week I'll be presenting the fascinating History of Signalling Security—from #SS7 to modern-day 5G challenges! Join me @virusbtn as we dive into the last ten years of many scary headlines but little concrete facts.
1
3
7
1,750
I'll be explaining how we got here, how attackers and defenders have evolved and the future of securing mobile networks. virusbulletin.com/conference…
190
Cathal Mc Daid@mcdaidc
24 Sep 2024
Happy to have contributed to this mobile phone security episode with @veritasium. Its a great introduction to #ss7 and its security risks. Plus kudos to @yodresh for his work.
Veritasium
@veritasium
22 Sep 2024
New video! I hacked @LinusTech to expose the vulnerability in our phone system youtube.com/watch?v=wVyu7NB7…
1
5
61
12,989
Cathal Mc Daid@mcdaidc
25 Apr 2024
New #4G/#5G #cybersecurity research released today. @nerfux breaks down #SCTP 'quantum' insertion attacks on telecom networks: enea.com/insights/quantum-of… In the past, mobile network security has focused a lot on edge protection, in the future we will need to look inward as well.
1
6
17
2,156
Cathal Mc Daid@mcdaidc
7 Mar 2024
Thanks to @tomwithington and @arm_magazine for featuring our new "Location Tracking on the Battlefield" report. Check out the article in this month's edition!⬇️ armadainternational.com/2024…
2
614
10/12 2nd, Russia has reportedly done this before. This matches the method that Ukraine accused Russia of using in 2014 , as a result by publishing this new recording they would not have been 'burning' any secret hacks. wired.com/2016/04/the-critic… enea.com/insights/russia-ukr…

The Critical Hole at the Heart of Our Cell Phone Networks

Reports show that hackers are taking advantage of problems with a backchannel in global telecommunications.

wired.com
1
3
35
4,941
11/12 Lastly, while SS7 security has improved greatly since then, some elements of this would have made it more likely to succeed. The targeting of an outbound roamer for example is more likely to succeed that a subscriber at home.
1
2
23
4,254
12/12 Note this is one *possible* way it could have happened, other methods like a local 3G/4G radio voice interception using Fake Base Stations are possible, but they would require a SS7 link. 2G radio interception may also be possible although more likely to be noticed
6
2
28
4,067
8/12 The call is then directed to the Russian PBX/listener. At this point, a new call is initiated to the webex conference number, with the original German mobile being spoofed, and is sent to the webex number. The Russian device then acts as a MITM and the call is recorded
1
3
26
4,768
9/12 This matches was occurred as the German roamer to Singapore is the first person that we hear. They get intro-ed/added to the conference by another. The recording can only happen with his call.
1
2
21
4,546
6/12 The webex starts, and the German roamer attempts to dial to it (or to an interim number, the interception method is the same). However, the Singapore network now checks the Russian ‘billing platform’, via a CAMEL IDP command. This is to see whether the call should go ahead
1
3
27
5,418
7/12 The Russian ‘billing platform’ says the call should go ahead, but also should be redirected to a different number. This number is a Russian listening device. most likely a PBX. This information is relayed back to Singapore network in a CAMEL CONNECT command
1
3
26
5,088
1/12 It has been confirmed that the #Taurus interception was done via “a non-secure line”. Below is my opinion of one way in which it *might* have been done, taking into account the situation and #Russia's previous history. Essentially it involves using #SS7 interception. 🧵
10
103
331
119,915
more replies
5/12 Now the attack. First, Russia would modify the billing platform info (gsmSCF address) stored for the German roamer, in the Singapore network. This is done via a SS7 ISD command (with target's IMSI or MSISDN), from a GT (address) in the German network to a GT they control
2
4
31
18,723
Load more