#HITBGSEC D2: 4G LTE Man In The Middle Attacks With A Hacked Femtocell - Xiaodong Zou
Femtocells offer a user the ability to have a small base station located within their house or other premises. These small base stations provide access to the core telecom network where poor reception from an eNodeB would otherwise prevent consistent coverage. Femtocells have been standardized in LTE since Release 8 and are referred to as Home eNodeB, or HeNB. HeNBs are mandated to have an IPsec connection back to a security gateway (SeGW) to protect traffic flowing into and out of a Mobile Network Operator (MNO)'s core network. If the HeNB is in the physical possession of an attacker, this provides unlimited time to identify a flaw on the HeNB. A compromised HeNB can be used in a manner similar to a rogue base station, but also gives the attacker access to cleartext traffic before it is sent back to the core network. There are more than ten different types of HeNBs deployed in China. Ericsson ENC-nRBS01B40 is one of them: a TD-LTE base station working on band 40. In this talk, we will cover:

1.) How to root a 4G LTE femtocell.
2.) How to make the femtocell portable.
3.) How to perform a man-in-the-middle attack with the femtocell.
4.) A prototype of the Hacking Box of S1 Interface (HBoS).

===

Xiaodong Zou (aka Seeker), call sign BD4ET, entrepreneur, educator, investor and hacker. Seeker has 22 years of executive management and higher education experience as the founder of HiTeam Institute of Software Engineering. As an independent network security researcher focusing on telecommunications and IoT, Seeker has done extensive research on hacking the air interface of LTE/UMTS/GSM, cellular RAN and core networks, signaling protocols such as SS7 and Diameter, interconnections via GRX/IPX, firmware of femtocells and IoT devices, and mobile phone basebands. He is one of the most active security researchers in telecommunication networks.

Research Interests:
1. Cellular Network Security
2. Internet of Things (IoT) Security
3. 5G Mobile Edge Computing

Conference Talks:
1. From HAM Radio to 5G: the Evolution of Wireless Communication and its Security, Defcon 010 at Internet Security Conference 2018.
2. From Pocket Fake Base Station to Hand-held True Base Station, KCon 2017.
3. Telecommunication Devices Selling on Taobao and the Threat to IoT Security, Cyber Security Summit 2017.
4. Network Intrusion Starting from a Cellular Phone, xKungfoo 2017.
5. Advanced Hacking Through Rogue Base Station: Taking Down All SMS Verification Codes, KCon 2016.
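The abstract's security point is that the IPsec tunnel to the SeGW protects the S1 interface only from the tunnel endpoint outward: S1-MME (S1AP over SCTP) and S1-U (GTP-U over UDP) exist in cleartext inside the HeNB, which is what a rooted femtocell exposes. The following is an added example, not code from the talk or from HBoS: a small audit over raw IPv4 packets captured on a HeNB's WAN side that classifies each one as ESP, IKE, or bare S1 traffic, and raises an alert for the latter, since on a correctly configured backhaul only ESP (IP protocol 50) and IKE (UDP 500/4500) should ever be visible. The port and protocol numbers are the standard ones (SCTP port 36412 for S1-MME, UDP 2152 for GTP-U); the sample capture, the addresses and the `audit` / `classify` function names are constructed for this example.

```python
"""Audit raw IPv4 packets seen on a HeNB backhaul for unencrypted S1 traffic.

Added example, not part of the talk. Assumes packets are given as bare
IPv4 frames (no Ethernet header). Ports/protocols are the standard ones:
ESP = IP proto 50, IKE = UDP 500/4500, S1-MME = SCTP (proto 132,
port 36412), S1-U = GTP-U over UDP 2152.
"""
import struct

ESP, UDP, SCTP = 50, 17, 132
IKE_PORTS = {500, 4500}
GTPU_PORT = 2152
S1AP_PORT = 36412


def ipv4_packet(proto, src, dst, payload):
    """Build a minimal IPv4 packet (no options, checksum left zero).

    Used only to construct sample input for this example."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, total_len, 0, 0, 64, proto, 0,
                      bytes(src), bytes(dst))
    return hdr + payload


def udp_payload(sport, dport, data):
    """Minimal UDP header (checksum zero) followed by data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def classify(pkt):
    """Label one raw IPv4 packet by what it carries on the backhaul."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    proto = pkt[9]
    l4 = pkt[ihl:]
    if proto == ESP:
        return "esp"                   # expected: tunnelled toward the SeGW
    if proto == SCTP:
        return "cleartext-s1ap"        # S1-MME outside the IPsec tunnel
    if proto == UDP and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        if sport in IKE_PORTS or dport in IKE_PORTS:
            return "ike"               # expected: tunnel key exchange
        if sport == GTPU_PORT or dport == GTPU_PORT:
            return "cleartext-gtpu"    # S1-U user plane outside the tunnel
        return "udp-other"
    return "other"


def audit(packets):
    """Return (label counts, alerts); alerts are (index, label) for bare S1."""
    counts, alerts = {}, []
    for i, p in enumerate(packets):
        label = classify(p)
        counts[label] = counts.get(label, 0) + 1
        if label.startswith("cleartext-"):
            alerts.append((i, label))
    return counts, alerts


# Constructed sample capture (documentation addresses, synthetic payloads).
HENB = (192, 0, 2, 10)
SEGW = (192, 0, 2, 1)
MME = (198, 51, 100, 5)
SAMPLE = [
    # ESP: SPI + sequence number + opaque ciphertext
    ipv4_packet(ESP, HENB, SEGW, struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16),
    # IKE on UDP/500
    ipv4_packet(UDP, HENB, SEGW, udp_payload(500, 500, b"\x00" * 28)),
    # bare SCTP common header on the S1-MME port: should never be on the WAN
    ipv4_packet(SCTP, HENB, MME, struct.pack("!HHII", S1AP_PORT, S1AP_PORT, 0, 0)),
    # bare GTP-U G-PDU (version 1, PT=1, type 0xFF, length 4, TEID 1)
    ipv4_packet(UDP, HENB, MME, udp_payload(GTPU_PORT, GTPU_PORT,
                                            struct.pack("!BBHI", 0x30, 0xFF, 4, 1) + b"\x45\x00\x00\x00")),
    # unrelated UDP (DNS) for contrast
    ipv4_packet(UDP, HENB, SEGW, udp_payload(40000, 53, b"\x00" * 12)),
]

if __name__ == "__main__":
    counts, alerts = audit(SAMPLE)
    print(counts)
    for idx, label in alerts:
        print(f"ALERT packet {idx}: {label} seen outside IPsec")
```

Run against a real capture by converting each frame to its IPv4 payload first; any `cleartext-*` hit on the HeNB's WAN side means S1 traffic is leaving the device without the mandated IPsec protection, which is the condition a rooted HeNB sitting between the UE and the SeGW would produce if it dumped traffic before tunnelling it.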