[REVS] GPRS Wireless Security: Not Ready For Prime Time

From: SecuriTeam (support_at_securiteam.com)
Date: 09/16/03

  • Next message: SecuriTeam: "[NEWS] Nokia Electronic Documentation - Multiple Vulnerabilities" 
    To: list@securiteam.com
Date: 16 Sep 2003 15:03:18 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      GPRS Wireless Security: Not Ready For Prime Time
    ------------------------------------------------------------------------

    SUMMARY

    Mobile GPRS devices contain built-in support for Internet Protocol (IP)
    networks. Network operators installing next generation equipment often
    believe handsets are isolated from potentially more sensitive parts of the
    network operator's infrastructure. In @stake's experience, however, mobile
    equipment users are separated from critical network components by only one
    or two IP devices. Thus, a compromise of one of these IP devices places
    the operation of the entire network at risk.

    DETAILS

    Introduction:
    This document provides a high-level introduction to a number of common
    design and implementation security hazards present in General Packet Radio
    Service (GPRS) and associated networks -- hazards that @stake has observed
    through working with multiple large cellular operators and through
    independent research on infrastructure components used in next-generation
    networks. This report summarizes risks and provides recommendations in the
    following areas:
    1. GPRS IP network designs
    2. GPRS IP network implementations
    3. GPRS infrastructure equipment
    4. GPRS mobile equipment
    5. Final thoughts

    ADDITIONAL INFORMATION

    The complete paper can be downloaded from:
    <http://www.atstake.com/research/reports/acrobat/atstake_gprs_security.pdf> http://www.atstake.com/research/reports/acrobat/atstake_gprs_security.pdf.

    The information has been provided by <mailto:advisories@atstake.com>
    @stake Advisories.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[NEWS] Nokia Electronic Documentation - Multiple Vulnerabilities"

    Relevant Pages