This course aims to educate learners on the security vulnerabilities present in 4G and 5G mobile networks, specifically focusing on API weaknesses. The learning outcomes include understanding the practical details of APIs enabling AI, MEC, and IoT applications, as well as identifying critical API weaknesses. The course teaches skills such as analyzing network exposure, configuring SIMs, managing tokens, and implementing secure API design. The teaching method involves a detailed investigation of APIs from commercial providers and operators, highlighting security risks and attack models. This course is intended for cybersecurity professionals, network engineers, mobile developers, and individuals interested in mobile network security.
Attacks From a New Front Door in 4G & 5G Mobile Networks
Overview
Syllabus
Intro
General mobile network
Exposure via a provider
Drone control via network exposure
Control and configure the SIMS
How it works: Get device location
Misc functions
Attack model for network exposure
Commercial loT service platform security configurations
Platform design and forged access?
Guessable username and password policies for API authentication
Token management
Lack of rate limiting for API requests
Private identifiers used in apps domain
Verbose error messages
Firewall vs secure API-by-design
Malware propagation inside user plane
Internal node exposure
Broken authorization while sending downlink message
Access control misconfiguration
Script Injection
XSS execution
Summary of security analysis
Taught by
Black Hat
