Mobile Network Vulnerabilities Affecting All Cellular Generations Since 2G

It has been reported that researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service (DoS) and man-in-the-middle (MitM) attacks using low-cost equipment. The “vulnerabilities in the handover procedure are not limited to one handover case only but they impact all different handover cases and scenarios that are based on unverified measurement reports and signal strength thresholds,” researchers Evangelos Bitsikas and Christina Pöpper from the New York University Abu Dhabi said in a new paper. “The problem affects all generations since 2G (GSM), remaining unsolved so far.”

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Hank Schless
Hank Schless , Senior Manager, Security Solutions
InfoSec Expert
December 22, 2021 5:26 pm

<p>Network vulnerabilities, whether they affect the cell towers themselves or the mobile devices they connect to, are less frequent than other attack types but could be just as effective. We inherently trust our mobile devices to connect to legitimate networks, and many people don’t think about this as a possible attack vector. </p>
<p>It’s important to secure your mobile device with security that can alert you when you’re connected to a malicious network. This is critical, especially for WiFi connections, for preventing malicious man-in-the-middle (MiTM) attacks that could give an attacker to all of your data as it travels on and off the device. </p>
<p>This vulnerability also shows the risks that exist for interconnected services. As we continue to rely more heavily on services that can seamlessly exchange information in order to make it constantly available to us, threat actors are finding vulnerabilities in the bridges that connect them. Whether it’s a network of cell towers or a network of cloud apps we use to access sensitive data, there’s an expectation that we can always connect to what we need. This expectation breeds a level of trust that attackers exploit in order to gain access to our personal and sensitive data.</p>

Last edited 11 months ago by Hank Schless
Would love your thoughts, please comment.x