Press Release: Current Threats in Cellular Networks – DeepSec Security Conference offers Security Training in dealing with Current Cellular Technology
In the past 40 years, cellular technology has achieved a veritable triumph. Availability, stability and data rates have increased significantly compared to the origins of 1G / 2G networks. The enthusiasm for security research in this area is not quite as enthusiastic. There are still weak points and tradeoffs in information security. At the first DeepSec conference in 2007, the weaknesses of A5 encryption were revealed. This year’s conference therefore again offers a two-day workshop on the security of current cellular technology.
Basis of the communication society
Many of the conveniences of modern life are inconceivable without cellular networks. The internet is almost always available. Communication is very easy even outside of cities, during leisure activities or when going for a walk, reception is of course required. The evolution of the technological generations up to 5G have produced many applications. The availability of end user devices and providers is given in developed areas worldwide. Since people like to communicate and communication is one of the basic needs, it must be protected accordingly. Not all conversations automatically want to be held in public. Communication often contains confidential information, regardless of whether it is professional or private! However, there is no general answer to the question of how secure a cellular connection is. This is due to fundamental design decisions that were made when specifying cellular network protocols. There are therefore still security weaknesses that affect all cellular networks equally.
Workshop for work in sensitive areas
The two-day workshop offered in November aims to convey the functionality of the various mobile radio technologies (GSM, UMTS, LTE, 5GNR). The declared goal is to prepare the technical properties and the implications for information security in such a way that the use of mobile communications by end users can be planned in a targeted manner. The target audience of the training are the areas of investigative journalism, non-governmental organizations, international aid organizations, international corporations and people who are legally connected to mobile communications as incidents that are being investigated. Few people know what actually happens in their own telephones and in the cellular network when a connection is established and used. However, this basic understanding is essential when working in sensitive areas and is the core of any planning of protective measures.
The training is explicitly about the cellular part (the so-called baseband module). All of the threats and risks discussed affect all cell phones, including all smartphones, regardless of the manufacturer.
Examples from media reports
Besides the theory of mobile communications, case studies that are known from media coverage are discussed and analyzed in detail. The trainer will also show security vulnerabilities to relate to practice. The goal is a better understanding of the technology. In particular, the widespread use of mobile phones has pushed the systematic analysis of relevant threats for certain areas of activity into the background.
The event would therefore like to give everyone who is professionally affected by weak points in mobile communications the opportunity to use the existing technologies correctly.
Rare expert knowledge in Vienna
David Burgess, the workshop trainer, has been involved with telecommunications since 1998. His experience in signals intelligence later led him to commercial vendors. He penned the original implementation of OpenBTS, a free base station for cellular radio, as well as other implementations of radio protocols. David offers his services to customers in the telecommunications sector. He tests systems, individual devices, logical implementations (for example in software) and advises as an expert in legal cases.
Programs and booking
The DeepSec 2021 conference days are on November 18th and 19th. The DeepSec trainings will take place on the two preceding days, November 16 and 17. All trainings (with a few exceptions) and lectures are intended as face-to-face events, but because of future COVID-19 measures they can take place partially or completely virtually.
The DeepINTEL Security Intelligence Conference will take place on November 17th. Since this is a closed event, we ask for direct inquiries about the program. We provide strong end-to-end encryption for communication: https://deepsec.net/contact.html
You can order tickets for the DeepSec conference and the trainings online at any time under the link https://deepsec.net/register.html. Sponsor discount codes are available. If you are interested, please contact deepsec@deepsec.net. Please note that we are dependent on timely ticket orders due to the security of planning.