An Access Point Name (APN) is used to identify the gateway between a mobile phone or device network and another network, which is typically the Internet. A common misconception among industrial security professionals is that using a separate APN necessarily means using a separate network, completely separate from other network traffic. However, this is not always the case, and APN users should check with their individual service provider.
Moreover, if an attacker has physical access to the device but does not know the APN, the APN can still be obtained using the attacker's own base station. The first time the device tries to connect to that base station, it will be rejected with the reason "Missing or unknown APN", after which the attacker will be able to obtain the value of the custom APN that the device was trying to connect to. Using this method, it is possible to obtain the custom APN and OAuth from unencrypted HTTP requests.
Vulnerabilities in base stations
Base station vulnerabilities have not been studied. Moreover, responsible disclosure practices are extremely rare among cellular equipment vendors. Vendors ignore vulnerability reports for marketing or resource reasons. It gets to the point that it is almost impossible for security researchers to purchase base stations for research from vendors, since their sales channels are primarily focused on large orders.
For example, the manufacturer of the small cell used in the campus network study explicitly asked that the vulnerability not be disclosed without prior notice.
A vulnerable base station can become a promising interception point for attackers, since in a campus network base stations are often connected to the local network without using encryption.
APN - Security through secrecy
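As an added illustration (not part of the original post) of why a custom APN cannot serve as a secret: the device sends the APN in its connection request as plain length-prefixed labels, so any network it attaches to can read it. The sample bytes and the APN name `plant7.scada.example` are constructed for this example.

```python
# Added example: decodes the value part of an Access Point Name field.
# The sample bytes are constructed, not taken from a real capture.
import string

LABEL_CHARS = set(string.ascii_letters + string.digits + "-")
MAX_APN_OCTETS = 100  # upper bound on the encoded APN (3GPP TS 23.003)


def decode_apn(value: bytes) -> str:
    """Return the dotted APN string from its on-air encoding.

    The encoding is a sequence of labels, each preceded by a one-octet
    length, like a DNS name. Nothing in it is encrypted or obfuscated,
    which is why the APN is an identifier and not a credential.
    """
    if not value or len(value) > MAX_APN_OCTETS:
        raise ValueError("APN value is empty or too long")
    labels = []
    pos = 0
    while pos < len(value):
        length = value[pos]
        pos += 1
        # A zero-length label or one running past the buffer is malformed.
        if length == 0 or pos + length > len(value):
            raise ValueError("bad label length at offset %d" % (pos - 1))
        # Non-ASCII bytes raise UnicodeDecodeError, a ValueError subclass.
        label = value[pos:pos + length].decode("ascii")
        if not set(label) <= LABEL_CHARS:
            raise ValueError("unexpected character in label %r" % label)
        labels.append(label)
        pos += length
    return ".".join(labels)


# Constructed sample for the hypothetical APN "plant7.scada.example".
SAMPLE_APN_VALUE = b"\x06plant7\x05scada\x07example"

if __name__ == "__main__":
    print(decode_apn(SAMPLE_APN_VALUE))
```

Because the value is readable by whatever network the device attaches to, confidentiality of tokens and data has to come from encrypting the application traffic, not from keeping the APN private.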