LTE vs. Darwin

Presented at ShmooCon X (2014), Jan. 18, 2014, 5 p.m. (60 minutes)

Whether believing in Darwin or not, the Darwin-Award states an important fact of mankind, technology and probably everything that exists: You only make certain mistakes once. For mankind this usually implies taking oneself out of the gene pool, for companies it can mean to vanish of the market and for technology, well, early death.

So when looking at "Long Term Evolution," providers need to implement proposed features properly and work out secure configurations for their networks. Otherwise, they might be struck by Darwin; being hacked and having break ins in back - or front-end structures, could result in a situation from which companies might not be able to recover.

Having stated very ambitious plans, concepts and standards for LTE, the 3GPP group has designed a complex but self-organizing system. Surely, with new methods come new attack vectors. Our research is aimed at these new methods and split into three chapters: awareness of user equipment, an overview on self-organizing networks, and theoretical and practical attacks against themselves and their interfaces. This includes potential attack vectors, information gathering and an analysis of component implementation and the overall architecture.


Presenters:

  • Brian Butterly
    Hendrik Schmidt and Brian Butterly are seasoned security researchers with vast experiences in large and complex enterprise networks. Over the years they focused on evaluating and reviewing all kinds of network protocols and applications. They love to play with packets and use them for their own purposes. In this context they learned how to play around with telecommunication networks, wrote protocol fuzzers and spoofers for testing their implementation and security architecture. Both are pentesters and consultants at the German based ERNW GmbH and will happily share their knowledge with the audience.
  • Hendrik Schmidt
    Hendrik Schmidt and Brian Butterly are seasoned security researchers with vast experiences in large and complex enterprise networks. Over the years they focused on evaluating and reviewing all kinds of network protocols and applications. They love to play with packets and use them for their own purposes. In this context they learned how to play around with telecommunication networks, wrote protocol fuzzers and spoofers for testing their implementation and security architecture. Both are pentesters and consultants at the German based ERNW GmbH and will happily share their knowledge with the audience.