Abstract

Mobile networks, once hailed as technological marvels, have danced with vulnerabilities that refuse to fade away. From SMS phishing to the silent whispers of IMSI catchers, the haunting symphony includes phone tapping, death by SMS, data leaks over SS7/Diameter interfaces, data fraud, SIM jacking, SIP spoofing. Join me in a captivating talk where we dive into the surreal world of persistent vulnerabilities that still lurk in the shadows of mobile networks, even in the midst of 5G.

Embark on a journey through my research, where I’ve delved into the relevance, wild occurrences, attack success probabilities, impact, and the haunting ease of fixing these old vulnerabilities. Overall a substantial gap between theoretical security frameworks and their practical implementation, particularly in 5G and LTE technologies. A staggering 80% of networks tested across North America, Europe, Asia, and the Middle East exhibit these vulnerabilities. Implementing systematic testing and mitigation measures can address many of these vulnerabilities, fortifying networks against large-scale attacks that could escalate with the interconnection of 5G networks.

This isn’t just a talk; it’s an exploration into the ghostly persistence of mobile network vulnerabilities and a questioning gaze into the future. Will the zero-trust and security-by-design mantras of 5G shield us entirely, or will they birth new specters of vulnerability through private networks, and open RAN? When will the echoes of these old bugs finally fade away?

Altaf Shaik