Salim S.I

Oct 31, 2024 | trendmicro.com | Jennifer Lin |Richard Y Lin |Salim S.I

By Jennifer C Lin, Richard Y Lin, and Salim S.IPrivate cellular networks extensively use cellular routers and gateways to provide connectivity for IoT devices, and compromised routers have been used as initial access vector to cellular networks. Web vulnerabilities dominate. The distribution of vulnerability types follows the same pattern as non-cellular routers. These are probably inherited from common router software development kits (SDKs).

Oct 31, 2024 | trendmicro.com | Jennifer Lin |Richard Y Lin |Salim S.I

By Jennifer C. Lin, Richard Y. Lin, and Salim S.IPrivate cellular networks extensively use cellular routers and gateways to provide connectivity for IoT devices, and compromised routers have been used as initial access vector to cellular networks. Web vulnerabilities dominate. The distribution of vulnerability types follows the same pattern as non-cellular routers. These are probably inherited from common router software development kits (SDKs).

Sep 18, 2024 | trendmicro.com | Richard Y Lin |Salim S.I

Preparation: Our attack machine is connected to the gateway. We used an SCTP scan to identify the AMF interface. Precondition-2The attacker needs to know PLMN, which is configured in packet-core (AP5GC). Cell towers broadcast PLMN in clear text so that UEs can identify it. Preparation: Software-defined Radios (SDRs) can be used to capture broadcasted messages from cell towers and find the PLMN. Precondition-3The attacker needs to know the Slice Service Type (SST) and (Slice Differentiator) SD.

Mar 27, 2024 | trendmicro.com | Salim S.I |Richard Y Lin

By Salim S.I. and Richard Y LinThe first part of our study on O-RAN explained vulnerabilities in RIC Message Router (RMR) architecture and library. In this second article, we cover potential threats to the E2 interface, which connects the Near Real Time RIC (near-RT RIC) with other RAN components (see Figure 1 below). A successful attack on the E2 interface can lead to non-availability or abnormal functioning of E2 services, which can degrade the performance of the cellular network.

Dec 1, 2023 | trendmicro.com | Salim S.I |Richard Y Lin

RRHs are usually located close to antennas, often mounted on the cell tower. The BBUs used to be co-located with the cell-tower but current infrastructure has them located further away, at a central site. The evolution of RAN is shown in this diagram from Analysys Mason. Virtualized RAN (vRAN) is a virtualized BBU that runs on commercial off-the-shelf hardware. In a disaggregated vRAN design, the BBU is split into two components, the central unit (CU) and the distributed unit (DU).