Monday, 7 October 2019

Exploiting Possible 5G Vulnerabilities


The standards can try their best to ensure that the next generation of protocols is more secure than the previous one but there is always some way in which the protocols can be exploited. This is where researchers play an important role in finding such vulnerabilities before they can be exploited by hackers. Frankly I am quite sure that only a handful of these vulnerabilities are found and hackers always have something that may never be found.

In the recent HITBSecConf or the Hack In The Box Security Conference Altaf Shaik presented "4G to 5G: New Attacks". He along with Ravishankar Borgaonkar has been working to find out issues with security in cellular networks. In fact in the GSMA Mobile Security Hall of Fame, they both appear twice, individually.

From the talk narrative:

5G raises the security bar a level above 4G. Although IMSI exposure is prevented in 5G, we found new vulnerabilities to attack devices and subscribers. In this talk we expose a set of vulnerabilities in the 5G/4G protocols that are found in network operators equipment and also consumer devices such as phones, routers, latest IoT sensors, and even car modems. Our vulnerabilities affect several commercial applications and use cases that are active in 4G networks and are expected to take off in 5G networks. We developed automated tools to exploit the exposed cellular information and share some of our research traces and data sets to the community. We demonstrate a new class of hijacking, bidding down and battery draining attacks using low cost hardware and software tools. We did a rigorous testing worldwide to estimate the number of affected base stations and are surprised by the results. Finally our interactions with various vendors and standard bodies and easy fixes to prevent our attacks are discussed.

Slides and Video is embedded below






Slides and Whitepaper can be downloaded from here.

Further Reading:

Friday, 4 October 2019

CW Seminar: The present, the future & challenges of AR/VR (#CWFDT)


One of my roles is as a SIG champion of the CW (Cambridge Wireless) Future Devices & Technologies Group. We recently organised an event on "The present, the future & challenges of AR/VR". The CW team has kindly even summarised it here. I have also tried to collect all the tweets from the day here.

Why is this important? Most of the posts on this blog is about the mobile technology and I am guessing most of the readers are from that industry too. While we are focussed too much on connectivity, it's the experience that makes the difference for most of the consumers. On the operator watch blog, I wrote recently about South Korea and the operator LG Uplus. Average data usage by 5G users in Korea is as high as 18.3GB, and average 4G users use 9GB in the same period, according to MSIT in May 2019. 5G data is about 2 times than that of 4G. This remarkable traffic growth is driven by UHD and AR/VR contents. According to the operator LG Uplus, new services featuring AR and VR functions are proving popular and already account for 20% of 5G traffic, compared with 5% for 4G.

Coming back to the CW event, some of the presentations were shared and they are available here for a limited time. There were so many learnings for me, it's difficult to remember and add all of them here.

Our newest SIG champ Nadia Aziz covered many different topics (presentation here) including how to quickly start making your own AR/VR apps and how AR apps will be used more and more for social media marketing in future.


Mariano Cigliano, Creative Developer at Unit9 (presentation here) discussed the journey of their company and what they have learned along the way whilst developing their solution to disrupt the design process through integrating immersive technologies.


Aki Jarvinen from Digital Catapult (presentation here) explained about Brown-boxing and Bodystorming. Both very simple techniques but can help get the app designers story straight and save a lot of time, effort and money while creating the app.


James Watson from Immerse (presentation here) talked about VR training. So many possibilities if done correctly and can be more interactive than the online or classroom training's.



Schuyler Simpson, Vice President - Strategic Partnerships & Operations at Playfusion (presentation here) discussed the reality of enhanced reality, diving deep into the challenges about creating an experience that resonates best with audiences. In his own words, "Enhanced Reality blends visual, audio, haptic, and intelligent components to create highly personalized, immersive, and most importantly, valuable experiences for organizations and their audiences."

The most valuable learning of the day was to create an AR/VR app (just in theory), assuming there is no technology limitation. The whole journey consisted of:

  • Brainstorming of the Use Case
  • Key Pain Points
  • Sort the pain points in priority and select top 3 or 5
  • Map customer journey
  • Define persona for which the app is being designed
  • Map their journey
  • Touch points
  • What can be improved on those touch points 
  • Design a VR/AR application for the defined problem 
  • Storyboarding AR/VR use case
  • UX design considerations – spatial, emotional.. 
  • Scribe a prototype 
  • Playback to others.


Thanks to everyone who helped make this whole event possible, from the SIG champs to the CW team and the host & sponsors NTT Data. Special thanks to our newest SIG champ, Nadia Aziz for tirelessly working to make this event a success.

Related Articles: