The Cell Network: A Previously Invisible Attack Surface
Since its inception, the global cellular infrastructure has relied heavily on the luxury of “security through obscurity”. Historically, the specialized equipment required to monitor cellular network operation, much less interfere with it, has been generally unavailable and unlicensed outside the telecommunications industry.
But rapid advances in the field of low-cost software-defined radio have made it possible to create unlicensed “rogue” cell networks with ease. As far back as 2010, security researcher Chris Paget demonstrated the ability to spoof a cell network using a standard laptop and a few hundred dollars in commercially available hardware. These rogue networks are generally indistinguishable from legitimate cellular networks, fooling mobile devices into connecting and allowing transparent interception of cellular voice and data communications.
Rogue cellular networks are considerably more widespread in the United States than previously anticipated. Recent research by GSMK, creators of the CryptoPhone, uncovered a surprising number of rogue cellular networks operating in the Washington DC area alone. While most security professionals are well aware of this emerging threat, the lack of commercially-viable cellular monitoring tools leaves today’s enterprises defenseless, unable to detect and respond to these attacks.
“As the modern workforce increasingly migrates to 4G and LTE for the majority of their business communications,” says TrustedSec founder and industry expert David Kennedy, “the lack of any type of visibility on the cellular spectrum leaves today’s enterprises flying blind and away from traditional detection capabilities.”
The Pwnie Response: Cell Network Threat Detection
To answer this growing enterprise concern, Pwnie Express will be publicly demonstrating a live prototype for detecting cell network threats at the 2015 RSA conference. Currently slated for general availability to Pwn Pulse customers in Q3 2015, this capability will extend Pwnie Express’s award-winning sensor technology to monitor an organization’s airspace for high-risk cellular activity in near real-time.
“By forgoing the need for expensive, specialized equipment, this will be the first practical cell network threat detection technology available in a turnkey commercial product”, says Pwnie Express founder & CTO Dave Porcello. This first-to-market capability will alert on a range of high-risk cell network threats, including malicious cellular base stations, unlicensed “rogue” cell networks, IMSI catchers (AKA “interceptors”), unauthorized microcells/femtocells, and even cell jammers – all of which spell a hostile environment for today’s mobile enterprise.
With cellular threat detection, Pwn Pulse will add yet another game-changing capability to its repertoire. By monitoring wired, WiFi, Bluetooth, and now cellular devices in near real-time, Pwn Pulse gives security professionals a comprehensive view of not only their own network, but the organic network of wireless hardware that exists inside and outside of their physical location. “I’m tremendously excited about this new capability”, says Porcello. “For the first time, enterprises and InfoSec professionals will finally gain some insight into the previously invisible world of cellular device threats.”