Starting on 16 November 2021, I will present a workshop on mobile network security at the DeepSec conference in Vienna.
Topics and Audience
The workshop will cover security risks in mobile networks, both in the core network and in the radio network, based on case studies reported in the press. For each case, we will dig into the technical elements of what actually happened.
The workshop will be especially useful for IT security people who are responsible for mobile devices but are not yet familiar with mobile network technology. The material will also be useful for anyone who works with individuals who have special security concerns, or who report on telecom security topics.
The workshop will start with an overview of cellular technology in general and types of security flaws common to all mobile networks, and then proceed to specific examples for different network segments and technology types. The workshop will include demonstrations of some security failures and deeper analysis of specific events reported in the popular press. The goal of the workshop is to give attendees a good grasp of key concepts in mobile network operation and the security implications, while avoiding unnecessary or confusing details. Questions and discussion are welcome and encouraged.
This workshop covers the mobile network, handset baseband, and SIM only, and does not address Android, iOS or application-layer security. (There is plenty of other material available from others in those areas.)
This workshop covers the mobile network, handset baseband, and SIM only, and does not address Android, iOS or application-layer security. (There is plenty of other material available from others in those areas.)
Day 1 – Mobile Network Technology
- Core networks
- Radio access networks
- SS7 and Roaming
- Inside the phone
- SIMs
- Organization of the industry
Day 2 – Security Risks and Case Studies
- Active false basestation attacks – and there are many
- SMS attacks
- Passive collection and information leaks
- SS7 attacks
- NSO’s Pegasus
More information is available in this interview with DeepSec staff.