Rooting Out Risk: from Eavesdropping and Faking to Cloning and DoS
Our team of telecom experts will assess your RAN and a pre-agreed range of Base Transceiver Stations (BTS) to measure their vulnerability to fake authentication, identity impersonation, and disconnection of legitimate USIMs (universal subscriber identity modules). We also conduct off-site SIM vulnerability analysis. These security tests evaluate:
- Resistance to passive listening—we check the encryption algorithm to determine how likely it is that an attacker could eavesdrop on subscriber calls. Our tests evaluate the time interval during which an attacker could perform decryption in real time and, where session keys are successfully received, check for randomization in padding bytes.
- Protection against phone and subscriber cloning—we track your network’s response both to the use of an invalid mobile equipment identifier (IMEI) and to multiple concurrent uses of the same IMEI (phone cloning). To determine the risk of subscriber cloning, tests also measure responses to the presence of two phones with the same temporary mobile subscriber identity (TMSI).
- Resistance to IMSI catchers / fake BTS—these tests determine whether attackers could introduce rogue transceivers or signal jammers on your network to intercept, degrade, or deny authorized and legal communications. We test for flaws such as improperly filled-in neighboring cells, which can make it easier for attackers to intercept communications with a fake BTS.
- Risk of DoS to subscribers—denial of service tests on a subset of base stations chosen by you allow our experts to evaluate whether attackers could successfully block some or all legitimate subscribers from accessing the network.
- SIM testing—our experts test a selection of your SIMs in our dedicated telecoms research lab. They uncover vulnerabilities and determine the operational implications, if any. This includes testing applets stored on the SIM by you or the manufacturer. Applets can be vulnerable to attacks using binary (OTA) SMS that may result in the disclosure of sensitive information.
Expert Analysis and Long-Term Support
We provide a detailed report describing each test and attack protocol used, along with the results obtained. The report details all current and potential vulnerabilities found and sets out recommendations for improving overall cell network security. We also provide an executive-level summary for your organization’s senior management outlining the key findings and recommendations.
But our help doesn’t end when the report is delivered. We can also return to retest your network and confirm the success of your remediation efforts.