[nsp-sec] Anyone work on LTE?

Marc Kneppers Marc.Kneppers at TELUS.COM
Fri Feb 28 10:22:56 EST 2014


Hi Barry

We've been taking a look here. We've done some amount of low-level vuln scan stuff which simply highlighted our own mis-configs and the access paths that a handset has into the RAN. We've also done a few proof-of-concept trials in the lab to monitor/evaluate traffic on the S1-U side of things (basically, de-capsulating the GTP and running it through a security appliance), and we've sponsored research to look at RAN-based threats. This last item had us trialing an IPS on an Android device and characterizing the signalling characteristics of both normal and then malicious apps; this was used in an Opnet simulation on LTE to determine where the signalling problems might exist in a mass RAN-side security event (worm or popular app compromise).

As you can see, most of our stuff has been focused on the architecture angle. No serious pen-test of an MME or SGW specifically, for example.

Let me know if you'd like to discuss offline.

Marc Kneppers
TELUS Communications Inc. 
AS852

-----Original Message-----
From: nsp-security [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Barry Greene
Sent: February 27, 2014 05:48 PM
To: Nsp-Security List
Subject: [nsp-sec] Anyone work on LTE?

----------- nsp-security Confidential --------

Hi Team,

Is anyone working on LTE? I'm looking for anyone who has done serious pen testing on LTE networks. Specifically on the eNodeB to EPC path - where there is this worry about people breaking and causing havoc. The risk assessments are not conclusive. The best one I found was from NGMN (they actually tried X.805). I welcome any $.02 from people.

Thanks,

Barry


_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________