[REVS] GPRS Wireless Security: Not Ready For Prime Time
From: SecuriTeam (support_at_securiteam.com)
Date: 09/16/03
- Previous message: SecuriTeam: "[NT] Microsoft ASP.NET Request Validation Bypass Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 16 Sep 2003 15:03:18 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
GPRS Wireless Security: Not Ready For Prime Time
------------------------------------------------------------------------
SUMMARY
Mobile GPRS devices contain built-in support for Internet Protocol (IP)
networks. Network operators installing next generation equipment often
believe handsets are isolated from potentially more sensitive parts of the
network operator's infrastructure. In @stake's experience, however, mobile
equipment users are separated from critical network components by only one
or two IP devices. Thus, a compromise of one of these IP devices places
the operation of the entire network at risk.
DETAILS
Introduction:
This document provides a high-level introduction to a number of common
design and implementation security hazards present in General Packet Radio
Service (GPRS) and associated networks -- hazards that @stake has observed
through working with multiple large cellular operators and through
independent research on infrastructure components used in next-generation
networks. This report summarizes risks and provides recommendations in the
following areas:
1. GPRS IP network designs
2. GPRS IP network implementations
3. GPRS infrastructure equipment
4. GPRS mobile equipment
5. Final thoughts
ADDITIONAL INFORMATION
The complete paper can be downloaded from:
<http://www.atstake.com/research/reports/acrobat/atstake_gprs_security.pdf> http://www.atstake.com/research/reports/acrobat/atstake_gprs_security.pdf.
The information has been provided by <mailto:advisories@atstake.com>
@stake Advisories.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NT] Microsoft ASP.NET Request Validation Bypass Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
