Presentation Title: Real World Attacks Against 3G Networks Using Subscriber Devices
Cellular networks, like any other data network, requires careful attention to network design such as proper segmentation of subscriber generated traffic from network management & signaling traffic. We present an attack penetration method using only standard subscriber equipment to compromise an operator network.
We will demonstrate how standard IP network reconnaissance techniques were used to identify critical infrastructure in a GSM network. We will further demonstrate how an attacker can use this knowledge to cripple the GSM network. We will also show how an in-depth analysis of the network infrastructure and the IP routing information stored on L3 devices allowed us to create a complete end to end network diagram of the cellular network.
Finally, a brief comparative analysis will be made between GSM, WiMAX, LTE, and CDMA standards to identify which (if any) 3G/4G technologies mitigate these attacks using their security architecture.