Vulnerabilities in base stations


Post by rakhirhif8963 »

Moreover, if an attacker has physical access to the device but does not know the APN, it can still be obtained using the attacker's own base station. The first time the device tries to connect to the base station, it will be rejected with the reason "Missing or unknown APN", after which the attacker will be able to obtain the value of the custom APN that the device tried to connect to. Using this method, it is possible to obtain the custom APN and OAuth from unencrypted HTTP requests.

Base station vulnerabilities have not been sufficiently studied. Moreover, responsible disclosure practices are extremely rare among cellular equipment vendors. Vendors ignore vulnerability reports for marketing or resource reasons. It gets to the point that it is almost impossible for security researchers to purchase base stations for research from vendors, since their sales channels are primarily focused on large orders.

For example, the manufacturer of the small cell used in the campus network study explicitly asked that the vulnerability not be disclosed without prior notice.

A vulnerable base station can become a promising interception point for attackers, since in a campus network base stations are often connected to the local network without using encryption.

Conclusions and recommendations
For years, security vendors have debated the cognitive differences between IT and OT when it comes to security. Our research shows that campus networks bring a new factor to the table: communications technology, or CT. To maintain a campus network, IT/OT staff must also have CT knowledge to ensure its security.

Here is a list of key measures to protect the campus network and prevent threats from affecting the production control network:

Use VPN or IPsec to protect remote communication channels, including remote sites and base stations. It is important to remember that LTE and 5G do not provide automatic encryption;
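
A defender-side check for the recommendation above, as an added example that is not part of the original post: it classifies raw IPv4 packets captured on the base-station backhaul link and flags 3GPP traffic that is not wrapped in IPsec. The default ports (GTP-U 2152, GTP-C 2123, S1AP 36412, NGAP 38412), the helper names and the constructed sample packets are assumptions.

```python
import struct

# Assumption: the backhaul uses the default 3GPP ports. Key = (IP protocol, port).
CLEARTEXT_SIGNS = {
    (17, 2152): "GTP-U user plane",
    (17, 2123): "GTP-C control plane",
    (132, 36412): "S1AP (LTE control plane)",
    (132, 38412): "NGAP (5G control plane)",
}
ESP, UDP, NAT_T = 50, 17, 4500

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet seen on the base-station backhaul link."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto == ESP:
        return "protected: IPsec ESP"
    frag_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    if ihl < 20 or frag_offset or len(packet) < ihl + 4:
        return "other"  # malformed, or a later fragment with no L4 header
    # UDP and SCTP both start with source port, destination port.
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    if proto == UDP and NAT_T in (sport, dport):
        return "protected: IPsec NAT-T"
    for port in (dport, sport):
        label = CLEARTEXT_SIGNS.get((proto, port))
        if label:
            return "CLEARTEXT: " + label
    return "other"

def audit(packets):
    """Return only the findings that indicate unencrypted backhaul traffic."""
    return [c for c in map(classify, packets) if c.startswith("CLEARTEXT")]

def _ipv4(proto, sport, dport):
    """Constructed sample: minimal IPv4 header plus 4 L4 bytes (checksum 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                      bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))
    return hdr + struct.pack("!HH", sport, dport)

# Constructed capture: bare GTP-U, bare S1AP, ESP, NAT-T, unrelated HTTPS.
SAMPLE = [_ipv4(17, 2152, 2152), _ipv4(132, 50001, 36412),
          _ipv4(50, 0x1234, 0x5678), _ipv4(17, 4500, 4500), _ipv4(6, 51000, 443)]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any `CLEARTEXT` finding on the link between a base station and the core means the traffic can be read or altered from the local network.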