After performing a large number of real-world, scenario orientated cyber simulations against the client for half a decade, the client asked us to focus our efforts assessing the security of one of their most important assets within their global mobile telecoms networks. 

​

This global mobile provider was were keen to gain assurance that their mobile LTE / 5G networks were sufficiently secure against both physical & digital attacks; as such we tailored our assessment across 3 primary domains to assess if we could access the mobile core networks: 

 - Access through physical Base Station equipment

 - Access through User Equipment

 - Access through physical offices

​​​​​

Targeting of Physical Base Stations

 

When assessing the physical base stations we were interested in a number of things; following the compromise of the base station physical security controls could we find vulnerabilities that could be used to leverage or disrupt local communications of a single base station, and could we gain access to mobile Core networks or internal corporate networks. 

​

Once access was gained to a physical base station, we performed assessments that would take into account the potential for insider threat, equipment compromise via interdiction and long term rogue device implant. 

​​

We guided the client through the planning and design of how a global attack against their 4G infrastructure would look.

​​

Targeting of Core through UE

​

For this part of the assessment we used a range of mobile handsets, tablets and SIM enabled laptops to connect to the network.

 

 - APN brute forcing 

 - APN credential bruteforcing 

 - Tracerouting 

 - Router assessments

The project involved multiple stages including black and grey box remote testing of the mobile infrastructure.

​

Following a number of successful realistic cyber attack scenarios, run both remotely and against global office locations,