The Development of a Telco Attack Testing Tool
This blog details the requirement for testing Telecom networks and one of the tools developed in house to facilitate this testing. Why? Telecoms security has always been an afterthought when the first mobile networks were developed and deployed into the wild. Telecoms security has faced numerous challenges, leading to concerns about its effectiveness. Several key […]
Replicating CVEs with KLEE
This blog post details the steps taken to replicate a udhcpc process crash on BusyBox 1.24.2 using NVD – CVE-2016-2147 (nist.gov), and to produce a working denial of service exploit. We will be using the symbolic execution engine called KLEE to help identify parameters that can cause the specific crash we are interested in. This […]
Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
Following on from our previous blog post ‘The Challenges of Fuzzing 5G Protocols’, in this post, we demonstrate how an attacker could use the results from the fuzz testing to produce an exploit and potentially gain access to a 5G core network. In this blog post we will be using the PFCP bug (CVE-2021-41794) we’d […]
The Challenges of Fuzzing 5G Protocols
If you have ever looked at fuzzing in any depth you will quickly realize it’s not as trivial as it first appears. There are many different types of fuzzers, but here we are focused on network fuzzers. These fuzzers are of particular interest as they are most suited to fuzzing telecoms products/protocols, where the application […]
Technical Advisory – Open5GS Stack Buffer Overflow During PFCP Session Establishment on UPF (CVE-2021-41794)
Summary When connecting to the UPF port for the PFCP protocol (8805) and sending an Association Setup Request followed by a Session Establishment Request with a PDI Network Instance set to ‘internet’, it causes a stack corruption to occur. Impact Exploitation of this vulnerability would lead to denial of service for the subscriber’s equipment. Details […]