Dr. Altaf Shaik
Senior Security Researcher, Technische Universität Berlin
9th January 2023, 10:00am - 11:00am (GST)
| Title: | API wars in 4G/5G mobile networks |
| Abstract: | As the 5G mobile technology slowly proliferates all over the world, the operational nature of mobile networks migrates from closed to open interfaces. This upgrade comes with its own raft of potential security exposures. The new interfaces that carriers have set up to manage the most awaited internet-of-things society are riddled with security vulnerabilities. This talk exposes the ciritical security risks of these new interfaces that enable industries to integrate their infrastructure with the latest mobile networks over standardized REST APIs. A massive new population of 5G-capable devices, from smart-city sensors to agriculture robots and beyond, already part of this integration can be compromised and hijacked by simply accessing an API. Our security investigations on hundreds of such APIs from 10 commercial service providers allow a remote attacker to execute arbitrary code inside the network and take over the underlying IoT infrastructure. We also demonstrate the powerful abilities of a future 5G attacker capable of extracting sensitive SIM information and sending malicious payloads to arbitrary devices on the network. We help to build the security considerations for design and deployment of APIs in 5G networks. |
| Bio: | Dr. Altaf Shaik is currently a senior researcher at the Technische Universität Berlin in Germany. He conducts advanced research in telecommunications, esp., 6G security architecture, openRAN, and 5G radio access and core network security. He holds more than 10 years of experience in telecom security and combines a professional background in embedded programming, wireless communications, and offensive network security. Dr. Shaik spent his career as a security engineer and expert at various leading organizations including Gemalto (currently Thales), Deutsche Telekom (Germany), and Huawei Technologies (Sweden). He also served as lead investigator in two Horizon 2020 projects funded by the European Union (EU) namely NEMESYS and SERIOT that played a key role in shaping the security standards for cellular and IoT domains. His PhD research assisted in improving the 3GPP 4G/5G security standards and also exposed several vulnerabilities in commercial mobile networks affecting millions of base stations, networks, and handsets worldwide. Dr. Shaik is a frequent speaker at various prestigious international security conferences such as Blackhat USA & Europe, T2, SECT, Nullcon, Hardware.io and HITB, and many others. His accomplishments landed him in the hall of fame of organizations like Google, Qualcomm, Huawei, and GSMA. He is also the founder of Kaitiaki labs and FastIoT that trains internationally various companies and governmental organizations in exploit development and also building secure mobile and IoT networks including their testing and security assessment. |