IoT Denial-of-Service and the MNO opportunity

Dozens of remotely activated solar panels on rooftops in a village in rural Africa fail at providing electricity at nightfall and homes go dark. At a busy university campus event, the vending machines aren’t linking up to network and can’t process payments for hours. On a side street of a crowded city, a row of shops is vulnerable to no-witness burglaries, as surveillance cameras aren’t transmitting data. These events seem unconnected but could very well be the cause of local Denial-of-Service (DoS) attacks on the devices’ cellular connectivity.

DoS attacks are more than just a nuisance – they can create meaningful financial, operational or physical damage to businesses and individuals. As companies increasingly rely on connected devices for monitoring, operations, sales and customer service; hackers are turning to DoS attacks to take companies offline or steal their sensitive data. DoS attacks have been around since computers have been networked, and cellular IoT devices are no exception. DoS attacks via cellular networks are traditionally undetectable, unstoppable and do not leave a trace.

How do hackers roll out a cellular DoS attack? Every cellular device’s SIM has a unique IMSI (International Mobile Subscriber Identity), which identifies it to mobile networks. The IMSI serves as your “credentials” when you connect to the network. Attackers impersonate cell towers with devices called “IMSI catchers” (AKA fake cell towers / “Stingray” devices), and “convince” devices to connect to them by providing the “best” signal. Once a device is connected to the fake cell tower, it is no longer connected to the network and doesn’t receive service, hence a DoS attack is underway. Subsequent attacks can include providing the device with cellular connectivity while the hacker acts as a “man in the middle” (MiTM) between the device and the network. In a MiTM attack, hackers can gain access to the device’s sensitive information and even inject malicious code. With one simple IMSI catcher, hackers can roll out DoS attacks on thousands of IoT devices.

DoS via IMSI catchers is only one of the many possible attacks on cellular IoT devices. As remote, mobile and critical devices that are deployed globally, these IoT devices are prime targets for hackers, criminals, and even terrorists. Data duplication to malicious addresses, location monitoring, and operation manipulation are just some of the potential risks.

These scenarios are alarming, but they don’t have to become the reality. Companies can and should take measures to prepare themselves for attacks on business continuity and operations. Firstly, by assessing the level of risk from cellular DoS and data leakage attacks and secondly by setting out a plan to mitigate this risk via existing service providers or alternative 3^rd party solutions.

MNOs have the opportunity to block cellular DoS and other network based attacks at the network level, in a way that no cloud-based solution can. MNOs can be the go-to source for cellular IoT cybersecurity, in addition to connectivity and management services.

This post was originally published in 2018 by Prof. Dror Fixler, CEO of FirstPoint Mobile Guard prior to his lecture on unique cellular network based cyber-attacks on IoT devices in 2G-5G networks, the GSMA 5G standard approach to enhance protection, and as he presented FirstPoint Mobile Guard’s cellular network-based IoT protection platform based on network elements.