Attacks From a New Front Door in 4G & 5G Mobile Networks presented at Black Hat USA 2022

by Altaf Shaik, Shinjo Strada

Tags: Network Security Mobile


Summary: The inception of APIs in the telecom industry is destined to change the way mobile networks have operated over the last 3 decades. The latest mobile networks now open their doors to enterprise customers, service providers, and application developers, providing access to data and core network functions within the carrier's network. This access is facilitated by the well-known HTTP-based RESTful API paradigm and allows the integration of automotive, health care, industries, and many others with the 5G mobile networks. This talk brings to light for the first time the practical details of the APIs that enable next-generation AI, MEC, and IoT applications using the latest 4G and 5G networks. A security investigation of hundreds of APIs from 10 commercial providers and operators reveals that all of them contain several of the top ten most critical API weaknesses. Even an average attacker can easily find an RCE and disrupt the operation of billions of IoT devices that tend to rely on the latest mobile networks. We put forward the security loopholes in telecom exposure APIs and once again remind you that security should be rooted in the design of 5G and IoT networks.