Snooping on Cellular Gateways and Their Critical Role in ICS

Conference:  BlackHat USA 2018



The presentation discusses the issue of insecure cellular devices and the lack of response from vendors. The speaker highlights the importance of fixing the problem and provides steps to mitigate the issue.
  • Cellular devices are often used for constant connectivity in various industries
  • Insecure cellular devices have been a problem since at least 2012
  • Vendors have not responded adequately to over 13,000 disclosures about the issue
  • Collaboration with Sierra Wireless has led to progress in identifying and solving the problem
  • Steps to mitigate the issue include changing passwords, upgrading firmware, configuring management interface, and using SSH instead of telnet
The speaker references the movie 'The Italian Job' to illustrate the potential consequences of insecure traffic cameras and traffic lights. The speaker emphasizes the seriousness of the issue and encourages peers to take action to fix it.


To keep up with the growing demand of always-on and available-anywhere connectivity, the use of cellular, in comparison to its wireless mobile connectivity counterpart in the electromagnetic spectrum, is rapidly expanding. My research in the IoT space led me down the path of discovering a variety of vulnerabilities related to cellular devices manufactured by Sierra Wireless and many others. Proper disclosures have occurred; however, many manufactures have been slow to respond. This led into examining numerous publicly disclosed vulnerabilities that were considered "low-hanging-fruit" against cellular devices and other cellular-based network modems that are often deployed as out of band management interfaces. The research expanded through the details provided in configuration templates available by each device including the following:- Wireless Network Information- IPSec Tunnel Authentication Details- Connected devices and servicesFocusing on an obfuscated series of examples to protect the organizations, people, and companies identified; this presentation focuses on the services and systems information of the following, commonly deployed cellular-connected devices to provide an in-depth look at what is easily possible:- Emergency Response systems - Resource collection systems - Transportation Safety- Out of band management