The MSP's must have invested in some IDS systems, Otherwise we'd be having some hackers with i5's running Backtrack, Wireshark and IDA Pro near money transfer agents running off with floats. 

On Tue, Jan 13, 2015 at 10:16 PM, Laban Mwangi via skunkworks <skunkworks@lists.my.co.ke> wrote:
> the encryption keys if in plain text is dangerous. they are always encry[ted
You'd hope so. The symmetric keys (Ki) that are used to generate your session/temporary (Kc) keys should be stored in only 2 places. Your sim card and the HLR. I think that most providers use LDAP based HLRs. Whether they are encrypted at rest is unknown.

What might be leaking is the current key used to encrypt your calls/SMS/USSD (think of mpesa), if you can get Safaricom to cough up the current session key for a user, then it's game over. In reality, it's been game over for awhile since the encryption used by GSM (A5) has been routed and can be cracked in seconds on a regular server and anyone with <100 USD of hardware can sniff GSM traffic off the air.

You can mitigate the A5 weakness by choosing to use 3G only. However, if your provider is leaking secret keys over SS7, it's still game over :(

See this presentation
http://events.ccc.de/congress/2014/Fahrplan/system/attachments/2493/original/Mobile_Self_Defense-Karsten_Nohl-31C3-v1.pdf

And this GSM intro:
https://skydrive.live.com/redir?resid=8F7DEEEC761F130B!603&authkey=!AN3UlLqs7FxmZmQ

On Tue, Jan 13, 2015 at 3:41 PM, Kennedy Kairu Kariuki <kkairu@gmail.com> wrote:
yuMobile is technically out. Customers already migrated to Airtel by 24th Dec.


Kind Regards,

Kennedy KK

Mobile: +254721699119 / +254725292261
Skype: k.kairu
Gtalk: kkairu


On Tue, Jan 13, 2015 at 3:21 PM, Bernard Mwagiru via skunkworks <skunkworks@lists.my.co.ke> wrote:
Interesting read. I wonder how accurate the information is seeing that on their blog post dated 28/Dec/2014, they list only 3 operators in Kenya. http://goo.gl/iQOw80

./bernard

On Tue, Jan 13, 2015 at 10:51 AM, Laban Mwangi via skunkworks <skunkworks@lists.my.co.ke> wrote:
Interesting report from a ccc presentation (http://events.ccc.de/congress/2014/Fahrplan/schedule/0.html):


http://ss7map.p1sec.com/country/Kenya/

---
Kenya allows 4 SS7 MAP messages to leak precise street-level subscriber location (200m).
---

Kenya has 1 operators that leak subscriber keys.

Leak of subscriber keys allows an attacker to decrypt calls and SMS of subscriber, by impersonating the network using a fake base station.


OOPS!


_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
--
./bernardmwagiru
--


_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke