Wireless Vulnerabilities chronicles

Unveiling the Hidden Dangers
of Wireless Connectivity

"The way we use Cellular and WLAN connectivity nowadays is totally different than it used to be. In today's hyper-interconnected world, wireless connectivity has become a critical element of our infrastructure, fuelling and accelerating growth in every sector. Critical systems carrying critical information and performing critical operations are now wirelessly interconnected. This raises not only privacy concerns, as it did in the past, but it also raises concerns about National and International stability and security"
Intellectra
Securing the Wireless Future

What are fake cells?

Fake cell towers, also known as IMSI-catchers or rogue towers, are insidious devices that mimic the signals of legitimate towers to deceive mobile devices into connecting. Once hooked, attackers can intercept calls, data, track locations, and even inject malicious code. This emerging threat is fueled by the affordability of readily available hardware and the covert nature of their operation.

What is a wireless intrusion?

A wireless intrusion occurs when an unauthorized individual gains access to a wireless network. This can occur for various reasons, such as stealing data, intercepting communications, or disrupting network operations. Wireless intrusions are becoming increasingly common due to the growing number of interconnected wireless devices and the emergence of technologies like the Internet of Things (IoT) and 5G.

FAQ

Most frequent questions and answers

Our multiprotocol Wireless Threat Detection Framework can detect a wide range of wireless attacks, including:

  • Rogue Access Points
  • Man-in-the-middle attacks
  • Data injection attacks
  • Deauthentication attacks
  • Over-the-air code injection
  • Denial-of-service (DoS) attacks
  • Location Tracking Attacks 
  • Identity Leaks
  • Spoofing Attacks

Our multiprotocol Wireless Threat Detection Framework will eventually cover and support a wide range of wireless protocols, including:

  • 802.11a, b, g, n, ac
  • Wi-Fi Direct
  • Cellular (5G-NR, LTE, UMTS, GSM, cellular IoT)
  • V2X Communications
  • GNSS Positioning

In the future we also envision protecting in-vehicle RADAR systems from very sophisticated jamming and spoofing attacks.

While our solution will eventually cover most wireless protocols out there, detecting threats affecting cellular endpoints, including 3G, 4G, 5G, and cellular IoT, is the cornerstone of our innovation. Providing an advanced IDS solution for cellular endpoints is like “touching the untouchables”. Unlike in other wireless technologies such as Wi-Fi and Bluetooth, solutions for protecting cellular-enabled endpoints are totally overlooked. We believe this is due to the nature and sophistication of the attacks affecting those devices, which adds an extra layer of complexity to the development of such solutions.

Cellular networks face unique cybersecurity challenges due to their inherent design and functionality. Unlike traditional wired or WLAN networks, which are typically confined to a physical location, cellular networks are designed to provide ubiquitous connectivity, enabling users to connect from anywhere in the world. This mobility introduces several challenges for cybersecurity:

1. Dynamic Network Environment: Cellular networks constantly change as users move from one cell tower to another, creating a dynamic and ever-changing environment. This makes it difficult for traditional cybersecurity measures to keep up, as they are often based on static rules and predefined patterns.

2. Critical Network Procedures: Cellular networks rely on a complex set of network procedures to manage user mobility, authentication, and communication. These procedures, such as the signalling handled by the Mobility Management Entity (MME) and the Radio Resource Control (RRC) protocol, are essential for the network’s operation but also introduce potential security vulnerabilities.

3. Roaming Features: Cellular networks enable seamless connectivity across different network operators, allowing users to roam internationally or between different mobile carriers. While this roaming feature is convenient for users, it also introduces additional security risks, as it exposes devices to a wider range of potential threats.

4. Increased Reliance on Software: Cellular networks are increasingly relying on software-based solutions for network management, security, and applications. This increased reliance on software makes cellular networks more susceptible to software vulnerabilities and exploits.

5. Global Reach and Interconnectivity: Cellular networks have a global reach and are interconnected with other networks, including the internet. This global connectivity increases the attack surface and the potential for cross-network attacks.

Over-the-air code injection is a type of attack where an attacker injects malicious code into a device over the air. This can be done by exploiting vulnerabilities in the device’s firmware or software. Malicious code can be used to steal data, execute arbitrary commands, or take control of the device.

The Over The Air Baseband exploit, a.k.a. the OTAB exploit, targets a critical vulnerability that affects the baseband firmware of 5G smartphones and cellular IoT devices. This vulnerability was first discovered in 2021 by KeenLab, a security research team at Tencent. It affects a wide range of devices from major manufacturers.

The OTAB exploit works by exploiting a vulnerability in the baseband firmware, which is responsible for managing the communication between the device’s modem and the cellular network. Attackers can exploit this vulnerability to gain remote code execution on the device, which means that they can execute arbitrary code on the device without the user’s knowledge or permission.

Any organization that uses wireless networks can be at risk of wireless intrusions. This includes businesses of all sizes, as well as government agencies, hospitals, and educational institutions.

Here are some specific examples of industries that are particularly vulnerable to wireless intrusions:

  • Critical Infrastructure: Critical infrastructure sectors such as energy, transportation, and utilities rely on wireless networks for their critical operations.

  • Healthcare: Hospitals rely on wireless networks to connect medical devices, patient records, and other critical systems.

  • Financial: Banks and other financial institutions use wireless networks to transmit sensitive financial data.

  • Manufacturing: Manufacturing plants use wireless networks to control robots and other industrial equipment.

  • Automotive Industry: Connected vehicles rely on wireless networks to communicate with each other and with infrastructure.

  • Industry 4.0: Smart factories and other industrial IoT applications rely on wireless networks to collect and analyze data.

  • Smart Cities: Smart cities use wireless networks to manage traffic, lighting, and other infrastructure.

OTA attacks can bypass network security measures and procedures, and gain direct access to the targeted device without leaving any traces. This makes it very difficult to identify and investigate the attack. As a result, the device owner may not even know that their device has been compromised.

OTA attacks can be used to target a wide range of devices, from smartphones, IoT devices, and connected vehicles, to industrial control systems and medical devices. This makes them a significant threat to organizations of all sizes.

The ease with which a malicious actor can create a fake cell depends on the actor’s resources and technical expertise. However, it is generally considered to be a relatively straightforward process, particularly for those with access to specialized equipment and software.

Creating fake base stations is a serious concern, as it has made it possible for malicious actors to intercept calls and data traffic, track the location of unsuspecting users or devices, and even inject malicious code. The availability of relatively inexpensive hardware such as software-defined radios (SDRs) and the open source availability of cellular protocol stacks has made it easier than ever for anyone with the technical expertise to create these devices.

In addition, the fact that these devices are now available to private and criminal organizations, not to mention foreign agencies, through websites that are selling them and the dark web, has made it even more difficult to track and prevent their use.

Nation-states have long used cyberattacks as a tool for espionage and sabotage. However, the weaponization of cybersecurity has made it possible for these attacks to be more sophisticated and damaging. Fake cells offer foreign actors from antagonistic or hostile countries a powerful tool for launching covert and untraceable attacks in pursuit of a variety of goals, including:

  • Espionage: Stealing sensitive information, such as military secrets or trade secrets.
  • Sabotage: Disrupting critical infrastructure, such as power grids, supply chains, or communication networks.
  • Economic warfare: Disrupting businesses or causing financial losses.
  • Political warfare: Influencing elections or undermining government stability.

There are numerous examples of hackers using fake cells for criminal activities, particularly in the past five years. These include:

  • In September 2023, it was revealed that thousands of people were tricked into revealing banking details to an IMSI-catcher driven around Norway.
  • In April 2023, it was reported that criminal gangs in Vietnam were using short-range IMSI-catchers to send malicious SMS messages.
  • In January 2023, an IMSI-catcher was found by accident by the authorities during the investigation of a vehicle. According to some news outlets and the authorities, the device, which based on the pictures looked very sophisticated, was used for a massive phishing campaign to siphon phone numbers and personal data.
  • In 2017, a group of hackers in China was found using fake cellphone towers to spread an Android banking trojan.

To achieve ubiquitous connectivity and seamless handovers between different cell towers, cellular networks transmit a significant amount of information that is not encrypted. To list some:

1. Radio Resource Control (RRC) Protocol: The RRC protocol is responsible for establishing and managing radio connections between cellular devices and network towers. It handles tasks such as paging, authentication, and handovers. While some RRC messages are encrypted, others remain unencrypted to facilitate rapid and efficient communication.

2. Mobility Management Entity (MME) Messages: The MME (a.k.a. the AMF in 5G-NR) is a critical network element responsible for managing user mobility and authentication. It communicates with cellular devices and other network components to ensure seamless handovers between cell towers. Some MME messages are encrypted, but others remain unencrypted to optimize performance.

3. Paging Mechanism: The paging mechanism is used to notify cellular devices when they are needed to receive data or establish a connection. The paging messages are typically unencrypted to reduce overhead and enable faster paging.

4. Roaming Features: Cellular networks support roaming, allowing users to connect to different network operators while traveling. This requires exchanging information between network operators, some of which may be unencrypted to facilitate quick and efficient handoffs.


Encryption is a powerful tool for protecting sensitive information, but it is not a foolproof solution. There are several reasons why encrypted communications may not be enough to safeguard against cyber threats.

  • Encryption does not protect against bidding-down attacks and downgrade attacks: This is particularly true for cellular networks.
  • Encryption does not protect against interception at the endpoint: Even if your communications are encrypted, they are still vulnerable to interception at the endpoint, such as when you are unintentionally and unknowingly connected to an unsecured Network. If a malicious actor has access to the endpoint, they may be able to decrypt the traffic.
  • Encryption does not protect against zero-day attacks: Zero-day attacks are exploits that target vulnerabilities that are unknown to the software vendor. These vulnerabilities may not be patched by the time they are discovered, leaving encrypted communications vulnerable to interception.
  • Encryption does not protect against man-in-the-middle attacks: In a man-in-the-middle attack, an attacker intercepts the communication between two parties and pretends to be one of them. The attacker can then see and modify the data being transmitted. This can be done even if the communication is encrypted.
  • Encryption does not protect against social engineering attacks: Social engineering attacks are attempts to trick users into revealing confidential information, such as passwords or credit card numbers. Even if your communications are encrypted, you can still be tricked into revealing sensitive information.
  • Encryption does not protect against insider threats: Insider threats are individuals who have legitimate access to a system but who abuse that access to steal or damage data. Encryption can be used to protect against insider threats, but it is not always enough. For example, an insider could still be able to steal encrypted data if they have access to the encryption key.
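As an added example of what an endpoint-side check against the bidding-down attacks mentioned above can look like (example code written for this page, not Intellectra's product; the struct layout, bitmap encoding and scenarios are constructed simplifications of the LTE NAS security mode command, not its wire format):

```c
/* Added example (not Intellectra's code): an endpoint-side bidding-down check on
 * an LTE NAS Security Mode Command (SMC). The SMC carries the "replayed UE
 * security capabilities" so the UE can verify the network saw the real ones; a
 * cell forcing null ciphering (EEA0) or rewriting those capabilities is flagged.
 * Structs and bitmap encoding are constructed simplifications, not the wire format. */
#include <stdint.h>

enum { EEA0 = 0, EEA1, EEA2, EEA3, EIA0 = 0, EIA1, EIA2, EIA3 };  /* xxA0 = null algorithm */
struct ue_caps { uint8_t eea, eia; };  /* bitmaps: bit k set = algorithm k supported */
struct smc {
    uint8_t selected_eea, selected_eia;
    struct ue_caps replayed;           /* capabilities the network echoes back */
};

enum alert {
    ALERT_NULL_CIPHER    = 1 << 0,   /* EEA0 chosen although stronger ones were offered */
    ALERT_NULL_INTEGRITY = 1 << 1,   /* EIA0 outside an emergency session is illegitimate */
    ALERT_CAP_MISMATCH   = 1 << 2,   /* echoed capabilities differ from what the UE sent */
    ALERT_UNSUPPORTED    = 1 << 3,   /* selected algorithm was never offered by the UE */
};

/* Returns a bitmask of alert flags; 0 means the SMC matches what this UE sent
 * and selects non-null protection. */
int assess_smc(const struct ue_caps *sent, const struct smc *m)
{
    int alerts = 0;
    if (m->selected_eea == EEA0 && (sent->eea & ~(1u << EEA0)))
        alerts |= ALERT_NULL_CIPHER;
    if (m->selected_eia == EIA0)
        alerts |= ALERT_NULL_INTEGRITY;
    if (m->replayed.eea != sent->eea || m->replayed.eia != sent->eia)
        alerts |= ALERT_CAP_MISMATCH;
    if (m->selected_eea > 7 || !(sent->eea & (1u << m->selected_eea)) ||
        m->selected_eia > 7 || !(sent->eia & (1u << m->selected_eia)))
        alerts |= ALERT_UNSUPPORTED;
    return alerts;
}

/* Constructed scenarios: the UE advertises EEA0/EEA1/EEA2 and EIA1/EIA2. */
static const struct ue_caps ue = { (1 << EEA0) | (1 << EEA1) | (1 << EEA2),
                                   (1 << EIA1) | (1 << EIA2) };

int scenario_legitimate(void)    /* network picks EEA2/EIA2 and echoes the real caps */
{
    struct smc m = { EEA2, EIA2, ue };
    return assess_smc(&ue, &m);
}

int scenario_bidding_down(void)  /* rogue cell: null cipher, caps rewritten to EEA0 only */
{
    struct smc m = { EEA0, EIA1, { 1 << EEA0, ue.eia } };
    return assess_smc(&ue, &m);
}
```

A real implementation would also have to know whether the session is an unauthenticated emergency call, the one case where the null integrity algorithm is permitted.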

No, we do not claim to offer a magic bullet for cyberattacks, there is no such thing. However, we firmly believe that our multiprotocol Wireless Threat Detection and Response System is an essential component of a comprehensive cybersecurity strategy. Given the sophistication of cyber threats in today’s hyper-connected world, and the increasing prevalence of 5G networks and the proliferation of IoT devices, it is imperative for organizations and nations to have an advanced security solution that can protect them from emerging threats. Our WIDS provides this critical layer of defense, enabling Organizations and Nations to thrive and prosper in today’s increasingly interconnected world.

Protecting the privacy and confidentiality of personal information is a top priority for us. We believe that privacy, confidentiality, and security are inextricably linked. We are developing innovative solutions to enable secure and confidential information sharing and processing in the post-quantum era. Contact us to learn more about our capabilities.

Unraveling the Baseband Threat: Remote Code Execution via Firmware Vulnerabilities

An Overview of the Keen Security Lab Baseband Chip Vulnerability 

In a significant cybersecurity discovery in 2021, Keen Security Lab, a renowned security research group, unearthed a severe vulnerability within the baseband chips of various 5G smartphones. The vulnerability, which can potentially impact multiple Qualcomm chipset families, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IoT, and Snapdragon Mobile, stemmed from a lack of input validation in the modem firmware, the component responsible for managing cellular communication.

Because the modem firmware did not validate its input, attackers could craft malicious data packets that the baseband chip would interpret and execute. This could lead to a wide range of attacks, including:

  • Remote code execution: Attackers could gain full control of the device, allowing them to install malware, steal sensitive data, or disrupt cellular connectivity.
  • Call interception: Attackers could intercept calls, eavesdropping on conversations or injecting malicious audio content.
  • Location tracking: Attackers could track a device’s location, potentially monitoring users’ movements.

The vulnerability affected several baseband chips from major manufacturers, including Qualcomm, MediaTek, Samsung, and Intel.

This vulnerability is part of a multi-stage attack, with the first stage being the most critical, involving the interruption of the communication channel via a “man-in-the-middle” or “replay” attack. What is particularly alarming is that, despite the uncertainty surrounding whether the vulnerability has been adequately patched, security researchers have concluded that:

  • The security of baseband chips has not kept pace with the advancements in network functionalities, significantly trailing behind the security measures implemented on the access point (AP) side.
  • Some baseband chips lack even the most basic security safeguards, leaving them vulnerable to a wide range of attacks.

Some related critical Common Vulnerabilities and Exposures (CVEs) include:

  • CVE-2021-35082: This CVE is for a critical vulnerability in the Qualcomm Snapdragon X55 modem firmware that could allow attackers to remotely execute code on the baseband chip. The vulnerability is caused by a lack of input validation in the modem firmware, which could allow attackers to craft malicious data that could be executed by the baseband chip.
  • CVE-2021-35090: This CVE is for a critical vulnerability in the Qualcomm Snapdragon X60 modem firmware that could allow attackers to remotely execute code on the baseband chip. The vulnerability is caused by a lack of input validation in the modem firmware, which could allow attackers to craft malicious data that could be executed by the baseband chip.
  • CVE-2021-35072: This CVE is for a high-severity vulnerability in the Qualcomm Snapdragon X55 modem firmware that could allow attackers to remotely execute code on the baseband chip. The vulnerability is caused by a lack of input validation in the modem firmware, which could allow attackers to craft malicious data that could be executed by the baseband chip.
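As an added illustration of the defect class behind these CVEs, missing input validation on length fields in a message parser (example code written for this page, not Intellectra's, Qualcomm's or Keen Lab's; the message format, field sizes and sample bytes are constructed and do not reproduce any real baseband code):

```c
/* Added example (not Intellectra's, Qualcomm's or Keen Lab's code): a
 * bounds-checked parser for a constructed, simplified NAS-style message of
 * information elements (IEs) encoded as [tag:1][len:1][value:len]. The defect
 * class above is copying `len` bytes on the header's say-so; parse_ies()
 * checks `len` against the received bytes and the destination capacity first. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_IE_VALUE 16   /* capacity of a decoded IE value (constructed) */
#define MAX_IES      8

struct ie { uint8_t tag, len, value[MAX_IE_VALUE]; };
enum parse_result { PARSE_TRUNCATED = -1, PARSE_TOO_LARGE = -2, PARSE_TOO_MANY = -3 };

/* Decodes msg[0..msg_len) into out[]; returns the IE count (>= 0) or a negative
 * parse_result. Never reads past msg_len or writes past MAX_IE_VALUE,
 * whatever the length fields claim. */
int parse_ies(const uint8_t *msg, size_t msg_len, struct ie *out, size_t max_out)
{
    size_t pos = 0, n = 0;
    while (pos < msg_len) {
        if (msg_len - pos < 2)            /* header itself is cut off */
            return PARSE_TRUNCATED;
        uint8_t tag = msg[pos], len = msg[pos + 1];
        pos += 2;
        if (len > MAX_IE_VALUE)           /* would overflow the fixed destination */
            return PARSE_TOO_LARGE;
        if (len > msg_len - pos)          /* declared length exceeds received bytes */
            return PARSE_TRUNCATED;
        if (n >= max_out)
            return PARSE_TOO_MANY;
        out[n].tag = tag;
        out[n].len = len;
        memcpy(out[n].value, msg + pos, len);   /* safe: len bounded by both checks */
        pos += len;
        n++;
    }
    return (int)n;
}

/* Decodes into a scratch array and reports only the result code. */
int check_message(const uint8_t *msg, size_t msg_len)
{
    struct ie ies[MAX_IES];
    return parse_ies(msg, msg_len, ies, MAX_IES);
}

/* Constructed samples: two well-formed IEs; an IE claiming 200 value bytes (a
 * trusting memcpy would overrun the 16-byte field); a value cut off by the
 * end of the message. */
static const uint8_t sample_ok[]    = { 0x01, 0x03, 0xAA, 0xBB, 0xCC, 0x02, 0x01, 0x7F };
static const uint8_t sample_large[] = { 0x01, 0xC8, 0xAA, 0xBB };
static const uint8_t sample_trunc[] = { 0x01, 0x05, 0xAA };
```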

Intellectra is actively developing innovative solutions designed to identify and mitigate this type of attack at its earliest stage.

This undertaking presents a formidable challenge, as effectively detecting these attacks without compromising cellular service or generating excessive false positives is extremely demanding.

Contact us now to learn more!