Cellular Vulnerabilities

Summary

Excerpt From Introduction to Wireless Threat Intelligence Webinar/
Find Out More on Cellular Vulnerabilities With CTO Dr. Brett Walkenhorst /
Cellular attacks can involve a number of standard techniques and possible outcomes. To enable security downgrade attacks, attackers frequently install rogue cell towers and force mobile devices to connect to them. Attackers are able to gain control over encryption levels and hack devices by taking use of flaws in earlier generations, such as 2G. Watch this clip below to learn more.

Video Transcript

So one common way to approach a cellular attack would be to set up a rogue cell tower. This has been done a lot over the years. Demonstrations using low cost software defined radio hardware enable you to capture MCs for example. That's one one common use but you can do a lot of different things by getting a mobile device to connect to you as their base station.

A very common approach is to do what's called a security downgrade attack. And that might be facilitated by the attacker jamming bands of cell towers nearby. If I'm an attacker, I'm not going to disrupt everybody, but I'll target like a small area and a bunch of people are gonna lose service, but they'll all connect to me.

And then I can I can force to use a lower generation that has a lot more security vulnerabilities? 2G, for example, I just get them to connect to me and save We're doing two g. There's no mutual authentication. There's no way for them to verify whether I'm legitimate base station, and I can determine the level of encryption.

I basically run the show. I could do a whole lot of things to those phones. So that's a very common attack vector. Other things, if I can get physical access to your device, I can insert malware, I can maybe have a pre programmed payload for something that I know certain devices are vulnerable to.

I plug that into your phone. And you know, I've got a package delivered on your phone that can call back to some control center and and do other things. Malicious apps have a similar trajectory. I just need to get I need to get the ability to install those apps on your phone somehow and that might be challenging except that there's these toolkits out there these spyware tool kits that have implemented what they call zero click attacks, where they send a payload through some public mechanism.

It doesn't end up requiring any user interaction in order to install the payload. And then once that little package is installed that calls home, and downloads, the full package that ultimately compromises your device completely. And with these kinds of spyware tool kits, attackers can get access to all of the data on your device including your phone records.

They can listen in on your phone calls. They're gonna start your camera, your microphone, and and survey you while you're walking around. They can see your emails, your SMS, all all of the stuff that you rely on this very fancy device for is now compromised and subject to exploitation.