In October 2023, the SRLabs Infrared Team embarked on an immersive retreat in the vibrant city of Valencia. Themed team retreats are a cornerstone of SRLabs' culture, fostering collaboration, knowledge sharing and innovation in a relaxed and inspiring environment.
Near Valencia’s beach, we strengthened internal bonds and facilitated the integration of new members into the team through dedicated knowledge sharing sessions. We focused on advancing our Interconnect and RAN security assessment capabilities including an update of gsmmap.org and improving our mobile anonymity package for portable LTE routers blue-merle. Overall, the retreat provided a refreshing mix of deep technical work and knowledge sharing as well as dedicated time for non-work activities and team building.
We updated gsmmap.org, our interactive web app that visualizes security levels of mobile networks across the globe. Together with our companion app SnoopSnitch, gsmmap creates transparency about individual operators’ security levels. The team initiated a comprehensive update of the gsmmap live system used to contribute measurement data and modernized the backend infrastructure viaDocker containers. We also replaced private forks with open-source components, where possible, to improve maintainability for future feature additions such as the incorporation of 4G and 5G measurement data.
This groundwork sets the stage for a research project to be completed in 2024. Look out for updates of theSnoopSnitch app and an announcement post here once the new data is shown on the website!
We furthermore improved our setup for 2G/3G/4G RAN security assessments. Hands-on work in a live environment with a software-defined radio (SDR) is always interesting and challenging. However, it’s not every day that your desk for such tasks is located on a sunny balcony overlooking the beach side of Valencia.
In addition to the improvements to our RAN tooling, we also worked on Interconnect as another core aspect of modern mobile networks. Since we first released our research on SS7 attacks in 2014, we have continuously improved our attack type and protocol coverage. During the retreat, we seized the opportunity to revamp our historically grown code base and improve our assessment capabilities for SS7, GTP/IPX, and Diameter.
Building on the success of our blue-merle project, which we released earlier in 2023, we upgraded the project to bring enhanced privacy, better user experience and integration, as well as an offline installation option. Most notably, we added compatibility with the latest firmware version and support for the latest hardware generation (Mudi v2).
We have detailed all changes in a dedicated blog post and you can find the project and the newly releases v2 version on GitHub at: https://github.com/srlabs/blue-merle/.
With a total of 10 participants, the retreat served as a platform to strengthen team bonds, boost post-pandemic morale, and foster mutual understanding. The unique setting of Valencia provided an inspiring backdrop for collaborative efforts and individual growth during sunset sailing, extended Paella dinners, and a Sunday visit to the aquarium. We came back refreshed, with plenty of new insights and ideas for 2024 and beyond. As one of our team members described it: "This retreat felt like a trip amongst friends with fun technical challenges on the side instead of a standard work excursion". The time in Valencia was definitely one of our 2023 highlights and strengthened the team bonds as well as us as individuals. We are looking forward to the next of many such retreats!
