• 11:00 - 11:10

• 11:10 - 12:00

Anatomy of Telecom Malware” is a Telecom Village talk spanning 2G, 3G, 4G/LTE and cloud-native 5G. It dissects how attackers weaponise every layer of the stack—SS7/SIGTRAN, Diameter, GTP, SMPP and SBA APIs—while adding three critical lenses:

Supply-chain infiltration: poisoned firmware builds and compromised eSIM-provisioning servers that let implants enter the core before day 0.

Transit-based backdoors: malware such as the LightBasin “GTPDoor” family that hides its C2 inside roaming GTP-C/U tunnels, crossing operator boundaries unnoticed.

Field-proven attacks: campaigns like SIMjacker’s SS7/S@T-browser exploitation for OTP interception and recent SS7-redirect bank-fraud cases, plus roaming-hub spyware and diameter peer-scraping seen in the wild.

Attendees leave with a telecom-specific kill-chain map, protocol-aware detection tricks, and a 10-point hardening checklist to protect both legacy and future networks."

Akib Sayyed

• 12:00 - 12:10

• Overview of Exploited Vulnerabilities
• Breakdown of the Cyberattack
• Impact and Consequences
• Incident Response & Mitigation
• Key Lessons for Cybersecurity Preparedness

Zibran Sayyed

• 12:10 - 13:00

This workshop demonstrates how SS7 signaling can be intercepted and manipulated to retrieve a mobile user's location without user interaction using custom-developed malware. Additionally, it demonstrates how the GTPdoor malware creates a hidden backdoor by abusing GTP signaling in roaming networks.

Nadeem Bagwan

• 13:00 - 13:15

The session is a case study about how the WAPDropper Android malware abuses premium telecom calling services. It explains how a user unknowingly installs the malware and then gets billed without their consent. The session also demonstrates how a legitimate-looking application can be used to exploit WAP billing mechanisms.

Ravi Rajput

• 13:00 - 14:00

• 14:00 - 14:45

• Basics of the SIP protocol
• Application of the SIP protocol
  • Fixedline VoIP networks
  • International VoIP Networks
  • Mobile networks VoLTE/VoWIFI/VoNR
• Security vulnerabilities is the SIP and RTP
• Vulnerability beyond the protocols
• What mobile networks ignores which makes it big area of attack
• 6- Ways to secure the SIP - VoIP , VoLTE, VoWIFI/VoNR

Niraj

• 15:00 - 15:45

Deep dive into Android’s eSIM management APIs and how they can be abused.

Building and analyzing a proof-of-concept malware for silent eSIM installation and location harvesting.

Understanding telecom backend provisioning vulnerabilities enabling malicious profile injection.

Detection techniques, anomaly signals, and defensive engineering against malicious SIM profile abuse.

Live demonstration on extracting call metadata and geolocation from compromised profiles without raising alarms."

Ravi Rajput

• 16:00 - 17:00

workshop on GPON network security weakness and different attack use cases on GPON network

Akib Sayyed