Silke Holtmanns的动态

Telecommunication Security Expert

8 个月已编辑

Randomness of keys and identifiers in Telco infrastructure is up to the vendors (implementation specific Vs standard). I personally believe this will not be the last "not-really-random" issue we will see.... I wonder how many vendors really updated the randomness of their TEIDs (cvd2022-0056 if I recall correctly) after it was reported to GSMA? Maybe operators should consider writing this explicitly in their RFQs and contract, after all if it is not in the contract or standard why should a vendor spend money on it? For altruism? PS: Just to clarify, even if the implementation is up to the vendor, the operation and lifecycle management for keys is commonly the responsibility of the operator.

SBA Research

1,477 位关注者

8 个月

?? ???????????????? ???????????????? ?????????????????????? ?????????????? ???????????????? ???????????????? ?????????????????????????????? ???? ???????????? – ?????????????????? ???????????????? ???????????? ????????????????! Significant global security vulnerabilities and the possibility of eavesdropping in Voice over WiFi (VoWiFi) have been exposed by security researchers from SBA Research, the Universit?t Wien, and the CISPA Helmholtz Center for Information Security in Saarbrücken.?VoWiFi, already supported by all major Austrian mobile operators, was thoroughly evaluated, revealing two independent security vulnerabilities. “??????????????????, ???? ?????????? 13 ???????????? ?????????????????? (?????????????????? ?????? ???????? ??????????????) ?????? ???????? ???? ?????? ?????????????? ?????????????????? ?????????? ?????????? ???????????????????????????? ???????? ?????? ???????? ???????????? ???????? ?????? ??????????, ?????????????????????? ?????? ?????????????????????????? ???????????????? ???? ???????? 140 ?????????????? ??????????????????.” Gabriel Karl Gegenhuber ?????? ????????????????: ?? ??????-????-?????????????? ????????: Some mobile operators used the same private keys for key exchange, affecting over 140 million customers worldwide, including operators from Austria, Brazil, and Russia. Vulnerability affected those operators using ZTE equipment for their core network. ?? ???????????????? ????????????????????: Up to 80% of client and server parameters that are used in real-world commercial VoWiFi deployments are deprecated since 2016, indicating a significant need for security improvements.? ?? ???????????? ?????????????????? ??????????????: Many new MediaTek chipsets allowed downgrades to the weakest key exchange method, even if unsupported by smartphone configuration, making cracking easier. “?????????????????????? ???????????????? ???????????????? ???? ???????????????? ???????????????????????????? ???? ?????????????????? ?????? ?? ???????????? ?????????????? ??????????????.” Adrian Dabrowski ?? ???????? ?????? ?????????? ????????????????: https://lnkd.in/geCkPTz9 The vulnerabilities were responsibly disclosed to @GSMA and relevant manufacturers and providers, leading to updates and improvements. ??????-????????-???????? - GSMA Mobile Security Research Acknowledgements https://lnkd.in/gS7HG-WF ??????-????????-?????????? - MediaTek June 2024 Product Security Bulletin https://lnkd.in/gNaszESz ??????-????????-?????????? - ZTE Configuration Error Vulnerability in ZTE ZXUN-ePDG?https://lnkd.in/gEpr7VAS ??: Niklas Schnaubelt, Laura Jahke / CISPA #Vulnerability #VoWiFi #SecurityResearch #ForschungWirkt #comet2gether

要查看或添加评论，请登录

最相关的动态

ShiftSix Security

202 位关注者
8 个月
举报此动态
Telit Cinterion mobile modems, crucial to sectors like commercial automation, healthcare, and telecommunications, had been located vulnerable to a series of security flaws. These vulnerabilities, disclosed by way of Kaspersky's ICS CERT department, permit remote attackers to execute arbitrary code through SMS messages, posing great risks to operational protection and records integrity. In November, Kaspersky's ICS CERT identified eight distinct vulnerabilities in Telit Cinterion modems, seven of which were assigned CVE identifiers starting from CVE-2023-47610 to CVE-2023-47616. Those vulnerabilities, consisting of a severe heap overflow trouble (CVE-2023-47610), had been responsibly pronounced to Telit in February 2023. Regardless of some patches issued by means of the seller, numerous vulnerabilities stay unaddressed, continuing to reveal devices throughout various industries to potential exploits. #CyberSecurity #IoTSecurity #TelitCinterion #IndustrialAutomation #TelecomSecurity

Widely used modems in industrial IoT devices open to SMS attack

bleepingcomputer.com
赞评论
要查看或添加评论，请登录
Murat CAKIR

Embarking on a New Journey (For Now)!
10 个月
举报此动态
https://lnkd.in/dytWaibw Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT devices foundational to industrial, healthcare, automotive, financial and telecommunications sectors," Kaspersky?said. Cinterion modems were originally developed by Gemalto before the business was?acquired?by Telit from Thales as part of a deal announced in July 2022. The findings were?presented?at the OffensiveCon held in Berlin on May 11. The list of eight flaws is as follows - CVE-2023-47610?(CVSS score: 8.1) - A buffer overflow vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message. CVE-2023-47611?(CVSS score: 7.8) - An improper privilege management vulnerability that could allow a local, low-privileged attacker to elevate privileges to manufacturer level on the targeted system. CVE-2023-47612?(CVSS score: 6.8) - A files or directories accessible to external parties vulnerability that could allow an attacker with physical access to the target system to obtain read/write access to any files and directories on the targeted system, including hidden files and directories. CVE-2023-47613?(CVSS score: 4.4) - A relative path traversal vulnerability that could allow a local, low-privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system. CVE-2023-47614?(CVSS score: 3.3) - An exposure of sensitive information vulnerability that could allow a local, low-privileged attacker to disclose hidden virtual paths and file names on the targeted system. CVE-2023-47615?(CVSS score: 3.3) - An exposure of sensitive information through environmental variables vulnerability that could allow a local, low-privileged attacker to obtain unauthorized access to the targeted system. CVE-2023-47616?(CVSS score: 2.4) - An exposure of sensitive information vulnerability that could allow an attacker with physical access to the target system to get access to sensitive data on the targeted system. The most severe of the weaknesses is CVE-2023-47610, a heap overflow vulnerability in the modem that enables remote attackers to execute arbitrary code via SMS messages.

Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries

thehackernews.com
赞评论
要查看或添加评论，请登录
David Mejia

RED team Cybersecurity | Offensive Security | Threat intelligence | SOC Analyst
10 个月
举报此动态
???? Security Advisory ???? Summary: Security flaws in Telit Cinterion cellular modems, crucial in industrial, healthcare, and telecommunications sectors, pose a severe threat as attackers could execute arbitrary code remotely via SMS. The most critical vulnerability, CVE-2023-47610, allows deep-level access to the modem's operating system without authentication, potentially compromising data integrity and network security. Although Telit has patched some vulnerabilities, others remain unaddressed, impacting various modem variants and posing significant risks globally. Mitigations: ? Work with telecom operators to disable SMS sending to affected devices and implement secure private APNs. ? Enforce application signature verification to prevent the installation of untrusted MIDlets on modems. ? Implement measures to prevent unauthorized physical access to devices, such as secure installation and monitoring procedures.

Widely used modems in industrial IoT devices open to SMS attack

bleepingcomputer.com
赞评论
要查看或添加评论，请登录
Saleh Darzi

Graduate Research Assistant at University of South Florida
6 个月已编辑
举报此动态
I’m excited to share that my paper, "??????????????-???????????????????? ?????? ????????-?????????????? ?????????????? ???????????? ???? ?????????????? ?????????????????? ?????? ???????????????? ????????????????," has been accepted at the ???????? ???????????????? ???????????????????????????? ????????????????????! (https://lnkd.in/eWjQnGzR)?? Not only that, but I’ve also been invited to present my framework during the ?????????? ?????????????? ???????????????? session ??. The paper will be featured in the ?????????? ???????????????? ?????? ?????????????? ?????????????????? track of the unclassified panel, and I look forward to presenting it from October 28 to November 1, 2024, in Washington, DC. I want to express my heartfelt gratitude to Dr. Attila Altay Yavuz?for his invaluable mentorship and guidance throughout this journey. The paper is now available: https://lnkd.in/ergrVehP Abstract:? As network services progress and mobile and IoT environments expand, numerous security concerns have surfaced for spectrum access systems. The omnipresent risk of Denial-of-Service (DoS) attacks and raising concerns about user privacy (e.g., location privacy, anonymity) are among such cyber threats. These security and privacy risks increase due to the threat of quantum computers that can compromise long-term security by circumventing conventional cryptosystems and increasing the cost of countermeasures. While some defense mechanisms exist against these threats in isolation, there is a significant gap in the state of the art on a holistic solution against DoS attacks with privacy and anonymity for spectrum management systems, especially when post-quantum (PQ) security is in mind. In this paper, we propose a new cybersecurity framework PACDoSQ, which is (to the best of our knowledge) the first to offer location privacy and anonymity for spectrum management with counter DoS and PQ security simultaneously. Our solution introduces the private spectrum bastion (database) concept to exploit existing architectural features of spectrum management systems and then synergizes them with multi-server private information retrieval and PQ-secure Tor to guarantee a location-private and anonymous acquisition of spectrum information together with hash-based client-server puzzles for counter DoS. We prove that PACDoSQ achieves its security objectives, and show its feasibility via a comprehensive performance evaluation.

Privacy-Preserving and Post-Quantum Counter Denial of Service Framework for Wireless Networks

arxiv.org

16 条评论
赞评论
要查看或添加评论，请登录
YOUSSEF KETAJ

Aspiring Penetration Tester| TryHackMe top 1%
1 个月
举报此动态
???Critical Vulnerabilities Discovered in LTE/5G Core Networks: Implications for Global Cellular Security??? Researchers from the?Florida Institute for Cybersecurity Research?have uncovered?119 vulnerabilities?across?10+ LTE/5G core network implementations, including widely used platforms like?Open5GS, Magma, OpenAirInterface, and Athonet. These flaws pose severe risks to cellular infrastructure, enabling attackers to: - Disrupt service for entire cities?via unauthenticated packet injection. - Gain remote access?to core networks (e.g., monitor user locations, pivot to critical systems). - Exploit?memory corruption?and?buffer overflows?to execute code. Why This Matters: Cellular networks are the backbone of modern communication and emergency services. These vulnerabilities could allow adversaries to: ?? Crash critical components (MME/AMF) with a single malicious packet. ?? Exploit Wi-Fi Calling to launch attacks?over the internet?(no physical proximity needed). ?? Compromise femtocells or base stations to infiltrate core networks. Key Findings: ???Every tested LTE/5G implementation had vulnerabilities—open-source?and?proprietary. ???Service disruption?is possible in all cases; some flaws enable?full remote code execution?(RCE). ???Threat models include: - Unauthenticated devices (no SIM card required). - Adversaries with base station/femtocell access. Disclosure & Mitigation: The team followed responsible disclosure practices, collaborating with vendors for?90+ days?to deploy patches. Projects like Magma and OpenAirInterface have already issued fixes. For unresponsive maintainers, patches were submitted directly to their repositories. Call to Action: If your organization relies on LTE/5G cores (especially Open5GS, Magma, or Athonet): 1???Patch immediately—many CVEs are now public (e.g., CVE-2024-24445, CVE-2023-37024). 2?? Audit network components for vulnerable versions. 3?? Prioritize?N2/N3 interface security?and firmware updates for base stations. This research underscores the urgent need for?security-first design?in critical infrastructure. As 5G adoption grows, so does the attack surface—proactive defense is non-negotiable. ???Dive deeper into the technical analysis: https://lnkd.in/eft-sfj9 ???Share this post?to raise awareness among telecom and cybersecurity teams. #Cybersecurity #5G #CriticalInfrastructure #NetworkSecurity #VulnerabilityManagement
赞评论
要查看或添加评论，请登录
Paolo Ballanti

Cyber Security Something
2 个月
举报此动态
“Every one of the vulnerabilities can be used to persistently disrupt all cellular communications (phone calls, messaging and data) at a city-wide level” Imagine an entire city suddenly isolated: no calls, no messages, no data. According to research from the Florida Institute for Cybersecurity Research and North Carolina State University, vulnerabilities in LTE and 5G implementations could make this scenario a reality. Researchers have identified 119 flaws that, if exploited, could allow an attacker to disrupt cellular communications on a large scale. In some cases, a single packet sent from an unauthenticated device would be enough to crash key network functions, such as the MME or AMF, causing a persistent outage until the operator resolves the issue. At the end of the day, the times of war we are experiencing make me think that the day is not far off when we will witness large-scale attacks on critical infrastructure, designed to cripple entire cities using solely cyber means.

LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity

securityweek.com
赞评论
要查看或添加评论，请登录
Mohammad Mehdi Edrisian

Head of Cybersecurity Department and Senior Penetration Tester
2 个月
举报此动态
?? 100+ vulnerabilities in LTE & 5G networks threaten global connectivity! Learn how attackers exploit these flaws & how to stay protected. #CyberSecurity #5GVulnerabilities

FindSec Cybersecurity Solutions

424 位关注者
2 个月

Over 100 LTE & 5G Vulnerabilities A study has revealed over 100 vulnerabilities in LTE and 5G infrastructures, threatening remote core compromises, DoS attacks, and critical network breaches. These flaws affect both open-source and proprietary systems, posing risks like unauthorized access, data breaches, and city-wide service disruptions. Immediate action, such as regular updates, vulnerability assessments, and zero-trust architectures, is crucial to securing these networks. Read More: https://lnkd.in/dPxGZ5M5 #5GVulnerabilities, #NetworkSecurity, #LTEThreats, #CyberSecurity, #RemoteCompromise, #TelecomSafety, #IoTSecurity, #5GSafety, #CyberRisk, #TechSecurity #Canada #CanadaCyberAwareness

Over 100 LTE & 5G Vulnerabilities

findsec.org

1 条评论
赞评论
要查看或添加评论，请登录
Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE

VP IT Audit at JPMorgan Chase &amp; Co.
2 个月
举报此动态
Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc_Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks," Qualys security researcher Shilpesh Trivedi said in an analysis. The campaign is known to be active since at least July 2024, with over 1,370 systems infected to date. A majority of the infections have been located in Malaysia, Mexico, Thailand, Indonesia, and Vietnam. Evidence shows that the botnet leverages known security flaws such as CVE-2017-17215 and CVE-2024-7029 to gain initial access to the Internet of Things (IoT) devices and download the next stage payload by means of a shell script. Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations?

Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers

thehackernews.com
赞评论
要查看或添加评论，请登录
binare.io - IoT pentester's must-have tech

10,622 位关注者
8 个月
举报此动态
#NewsRundown #BinareBlog by #BinareTeam - https://lnkd.in/dnVK9Y9p "Security Vulnerabilities Newsletter: Top News Rundown (Weeks 23/31-2024)" [Mystery miscreant remotely bricked 600,000 Soho routers with malicious firmware update] - Insecure #Routers [RaspAP Flaw Let Hackers Escalate Privileges with Raspberry Pi Devices] -?Insecure #RaspberryPi [Traeger security bugs bad news for grillers with neighborly beef] -?Vulnerable #WiFiControllers [China’s ‘Velvet Ant’ hackers caught exploiting new zero-day in Cisco devices] -?Insecure #Switches [Threat Actors Actively Exploit D-Link DIR-859 router flaw CVE-2024-0769] - Insecure #Routers [No Patches for Hospital Temperature Monitors’ Critical Flaws] -?Insecure Proges Plus [Critical UEFI Flaw in Phoenix Group Firmware Hits Major PC Brands] - Insecure Lenovo Acer Dell Technologies HP [Cybersecurity and Infrastructure Security Agency Warns of High-Severity Flaw in RAD Data Communications SecFlow-2 Switches] -?Insecure #Switches *** While at blog.binare.io, don't be shy and subscribe to our Newsletter (top-bar) - and receive best #FirmwareSecurityContent #IoTSecurityContent :)! #cybersecurity #security #firmware #computing #technology #embeddedsystems #computersecurity #ethicalhacking #iot

Security Vulnerabilities Newsletter: Top News Rundown (Weeks 23/31-2024) - binaré (binare.io)

https://blog.binare.io
赞评论
要查看或添加评论，请登录
Van Lurton
2 个月已编辑
举报此动态
New vulnerabilities in four tunneling protocols have been discovered, allowing attackers to hijack 4.2 million internet hosts, including VPN servers and home or enterprise routers. These flaws enable attackers to hijack devices and gain unauthorized access to corporate and home networks, using them as one-way proxies for various malicious activities. The attacks include new denial-of-service (DoS) techniques and DNS spoofing, facilitating other attacks like TCP hijacking, SYN floods, and Wi-Fi disruptions. Top10VPN researchers found that the majority of attacks have occurred in Brazil, China, France, Japan, and the United States. These vulnerabilities allow attackers to spoof source addresses and route malicious traffic through unsuspecting hosts, making it appear legitimate. This can lead to stealthy distributed denial-of-service (DDoS) attacks, unauthorized access to networks, and the infiltration of IoT devices. Experts recommend that organizations ensure that tunneled traffic is only accepted from trusted endpoints, implement source validation, apply patches for affected products, and use strict firewall rules. It is also crucial to harden tunneling configurations and verify authentication checks. Tunneling and amplification-based attacks have been a longstanding issue. Security teams are advised to harden edge devices and limit listening services to prevent unauthorized access. If certain services are not in use, they should be shut down to reduce the risk of exploitation.

4.2 million internet hosts hijacked via bugs in tunneling protocols

scworld.com
赞评论
要查看或添加评论，请登录

2,028 位关注者

834 则动态

查看档案关注

登录查看更多内容