Quantum of Malice

Modern mobile networks relyheavily on data both from consumer and corporate perspectives. At the same time, we are moving towards a landscape where not only MNOs (Mobile Network Operators) maintaincritical infrastructure,but also more traditional business entities like international corporations, sports teams and even schools, colleges and universitiesbegin to setup and use their own private mobile networks.

While this offers interesting possibilities for end users and especially private interests,it also comes with its own share of security challenges. In CT (Communication Technology) security, the focus, especially on the telecom side,hasfor a long time been the quest for the next signalling networkinterconnect type of attack. Even more impactfulwould besomething that translates to 3G, 4G, 5G and beyond. However, it seems for firewall vendors, network infrastructure developers and security researchers that we have yet to find this elusive tele-sasquatch. Not for alack of trying, but it's getting harder and harder to deny that some problems of the telecom interconnect protocols have actually been resolved and the industry may deserve at least a small gold star for that.

Armed with the assumption that no new sendRoutingInfoForSmis hiding in the bushes,we at Eneaset out to find some new waysanattacker could disruptmobile network services. Instead of chasing ghosts of the interconnect we decided to look for answers in the clouds. After all, when chasing a dream where else would you look? And why not mix dreams with reality and generate some novel threats based on tried and tested demons from the past.