With the emergence of 5G-NR NSA (Non-StandAlone) and the future deployment for SA (Standalone) mode, many devices including mobile phones, IoT devices, and connected cars will be actively connected to the internet. Moreover, the use of NR-U (New Radio Unlicensed) bands with 5G allows private companies, as well as campuses and other places to own their own 5G network. All of these changes introduce new risks that will see during this training.
Indeed, this course aims to focus on 5G NSA (Non-Standalone), and SA (Standalone) security, giving the techniques to perform security assessments on devices as well as on the core network. For the practice, all challenges will generally take place on our cloud-connected to our 5G-NR setup inside a faraday cage. Moreover, additional advices will be given to attendees to create the best assessment set up according to their budget.
Day 1 will introduce the 5G NSA mode, but also the SA mode that should appear in many countries in fall 2022. During this day, we will introduce also the radio aspect, the tools, and the setup to organize our RF assessments with Software-Defined Radio.
- Introduction to mobile networks and protocols (2G/3G/4G/5G)
- Differences between 5G NSA and SA
- Security mechanism on the radio
- SIM/USIM/ISIM cards
- Equipment and tools for our tests
- Incoming tools
- Possible attacks on 5G-NR
- How to safely assess 5G devices
- Hunting for vulnerabilities
- Running an NSA and SA network
- Downgrading stack on a 5G device equipment
- Fingerprinting devices
- Generating secrets
- Programming an ISIM card
- Registering a device
- Hunt for secrets and vulnerabilities
- Decode and manipulate radio frames
- Play with control and user (data) planes
The last day will be an opportunity to see the core network side, which could be very interesting in cases the operator exposes some nodes outside, as was the case many times. Moreover, it will focus more on the Standalone mode, which will drastically change from 2G-4G infrastructures and applications.
During this day, attendees will also realize why it is important to not only rely on the 5G-NR security mechanisms only but also provide additional countermeasures in devices as well.
- Introduction of the 5G SA infrastructure and REST APIs
- Security Mechanisms
- Possible attacks
- Hunting for exposed nodes/gateways
- Our latest feedbacks
- Mapping a cloud
- Look for exposed services
- Finding and exploiting vulnerabilities to intrude the service
- Attacking the API to get persistent
- Hijack communications
- Map devices in remote from the exposed network
- Find and exploit vulnerabilities on devices