With the introduction of the packet service, mobile user equipment (UE) are able to use the IP communication protocol. Without the right routing and filtering of UE communications, some sensitive assets on the operator’s infrastructure could be exposed, such as core network services. Mobile operators are generally aware of this kind of attack vector and apply the right mechanisms to avoid any risk from the subscriber context. Nevertheless, those mechanisms are different from an operator to another and their effectiveness varies. Research aspects in mobile networks are evolving a lot with the development of the SDR (Software-Defined Radio), as well as the SDNs (Software-Defined Networks), that introduce new kinds of architectures. These new architectures are mostly cloud-based systems and include also new features that need time to be fully understood and matured from the deployment perspective. In addition, with the research progress of SDR based 4G and 5G-NR NSA networks, new services also appeared to be used inside organizations like private mobile networks, but all security procedures and mechanisms are only provided by the organization itself. This post is an overview of previous assessments on private GPRS and LTE mobile network commercial and public solutions, but also 5G-NR NSA setups.
This article has been co-written and published in Medium on this page: https://medium.com/mobile-stacks-and-networks-security/introduction-to-mobile-network-intrusions-from-a-mobile-phone-9a8e909cc276.