March 31, 2017
CVE-2017-2636: exploit the race condition in the n_hdlc Linux kernel driver bypassing SMEP
March 6, 2017
Security reflections from Mobile World Congress
Michael Downs, Director of Telecoms Security, EMEA
Mobile World Congress is not just a name, it is perfectly descriptive. The entire mobile world squeezes into a few square kilometres of Barcelona for four days. Given this concentration of senior execs, it’s a good place to form an opinion on industry trends and try to understand the place security has in the future of mobile.
Mobile World Congress is not just a name, it is perfectly descriptive. The entire mobile world squeezes into a few square kilometres of Barcelona for four days. Given this concentration of senior execs, it’s a good place to form an opinion on industry trends and try to understand the place security has in the future of mobile.
Transport was a massive theme this year. Someone mentioned there were more car
companies here than at a recent major motor show, and everything from chip-set
manufacturers to infrastructure providers were touting their connected mobility
play. It seems to be the most obvious large
scale early application for the Internet of Things as companies see problems
that can be solved with data connections, namely accidents, congestion and
general resource waste. The promise is great.
However, from a security point of
view, I got the impression the priorities for many of these propositions was
traditional elements such as speed to market, efficiency of UI, prioritizing
functionality, hardware power, connection speeds etc. Not many of the people on the booths I
questioned could truly answer the question of what they were doing to keep connected
cars, trucks and buses secure from abuse.
Maybe it was an unfair question, but given the scale of what is being
proposed, this raised a few eyebrows amongst our experts. The consequences of attacks on a fleet of
trucks, or the targeting of a car’s systems, don’t bear thinking about. Theoretically, such attacks are possible in
the same way an attacker would abuse existing Diameter or SS7 networks. Everything is assigned a number in the
network the same way a phone is, providing a marker from which to develop an
attack profile.
This is good for the mobile industry, but also for
attackers, as more connected things simply mean a larger attack surface on which
to work. As was demonstrated at our
expert dinner, we believe too many vulnerabilities are still present, both in
the underlying infrastructure that carries data and also in the radio delivery
from base station to user. This will
only be compounded on as more things become connected on an application level, driven
by increased digitization and usage of emerging web technologies.
From a signalling (SS7 and Diameter) point of view, the
underlying infrastructure to support this brave new world is vulnerable, and
becoming easier and cheaper to access by an attacker. For dollars per day, bad
actors can now buy access to core telecoms networks on the black market and
exploit either existing flaws, or new ones.
Once inside, all that is needed is a phone number (MSISDN) of your target or
targets, be it a person or a fleet of connected cars, to manipulate the
commands accordingly. The move towards
new protocols will only present new opportunities for bad actors, who are
notoriously creative and persistent.
This is not intended to be a doomsday rant. These are points we believe, as a research
based security company, are important to be on the mind of the mobile
industry. Many believe we are on the
edge of a new industrial revolution. If this is true, then the old mantra that
security needs to be built into the heart of things is never truer than right
now. We look forward to spending time
making sure the brave new world the mobile industry is creating, is kept safe
and can flourish for everyone’s benefit.
Subscribe to:
Posts (Atom)