High Assurance Against Cellular Compromise

Smartphone ownership has become so ubiquitous that many of us would have a hard time imagining how we’d get through our day without our phones. From conducting work while on the go to keeping up with news to pre-ordering our much-coveted hit of caffeine, smartphones have become an indispensable part of our lives. Over the span of a few decades, we’ve entrusted our devices and our data—which capture the full picture of our lives—to mobile network operators, even as we acknowledge the risks of sending and receiving data via cellular towers.

More recently, Internet of Things (IoT) devices have been added to the list of data-capturing devices, making us even more susceptible to cyber attacks. It has been estimated that in 2019, 26.66 billion IoT devices were connected to the internet.[i] That's approximately 3.5X more devices than people on planet Earth! It's safe to say that the number of connected devices will only grow over time, which means that security control over those devices must also grow.

Even though cell carriers are using and selling some of our data,[ii] more-sensitive data still needs to be protected from adversaries and criminals. Businesses understand that the connected landscape increases business risk through unauthorized access to customer information, financial information, and intellectual property; that a cyber attack affecting the confidentiality, integrity, and availability of systems and data could cost millions of dollars and incalculable reputational damage; and that digital transformation is only transformational if it isn't constantly hindered by vulnerabilities and exploits.

More than WiFi to worry about

To date, tremendous effort and budget have been poured into securing networks, network communication, and mobile devices, but cellular manipulation remains a sore spot. Devices are exposed to location tracking, man-in-the-middle attacks, hijacking, re-routing, interception, phishing, malware, and more. Four years ago, Adam Weinberg and Prof. Dror Fixler founded FirstPoint Mobile Guard to address these vulnerabilities directly. Their claim is that they protect any SIM-based device from any type of cellular network attack, without leaving a footprint on the device or requiring user action, on 2G, 3G, 4G, and 5G networks alike.

The idea of a device-agnostic solution with centralized security control should be attractive to mobile operators, enterprise IT and operations teams, and security professionals. The way FirstPoint works is two-fold. First, the solution is integrated with the core network of the mobile network operator (MNO), or of a private cellular network, via a standard connection interface resembling that of a mobile virtual network operator (MVNO) in an MNO network. The hosting network is configured to route protected devices' communication through FirstPoint's dedicated secured overlay core network, where policy for detecting and blocking suspicious activity is applied, and the MNO or the protected organization monitors activity through a dedicated dashboard or SIEM integration.

The second component of the solution is a security applet that can be provisioned over-the-air (OTA) to the device's SIM/eSIM. The applet monitors and analyzes information about the device's network communication, and can even change or anonymize the device's identifier if a suspected Stingray attack is detected. Because FirstPoint is implemented and updated on the core network and at the SIM level, security assurance is high. This aspect is what makes the product an excellent fit for organizations that need always-on confidence that employees' devices are free from malware, data leakage, IMSI catchers, snooping, backdoors, and the wealth of evils mentioned at the beginning of this article. Government and defense, utility companies, and other critical infrastructure operators are examples of organizations that should demand the highest level of assurance.

However, since FirstPoint acts as a proxy between the device and the host network, implementation requires cooperation from the network operator. This could be a deterrent for companies lacking resources. In an age where many security vendors are promoting ease of implementation, getting FirstPoint up and running takes extra patience until a local MNO can offer the service. That said, the tradeoff for being able to bypass cellular network vulnerabilities without user involvement is compelling. This difficulty is also expected to be largely overcome for mass cellular IoT deployments, where the core network is expected to be part of the IoT devices' connectivity, either through a dedicated global MVNO or through dedicated 5G network slicing.

5G security considerations

Another consideration for protecting cellular devices is the rollout of 5G networks. 5G has promised mitigation of cellular compromise through improved security capabilities, but research has shown that 5G is not free from unauthorized surveillance[iii] through IMSI catchers, often known as "stingrays." Further, 5G has holes in the registration process, including missing encryption, that would allow adversaries to collect private data from a user's device, modify contents of the device, or even downgrade the device's connection to a lower category (2G or 3G, for instance), which would quickly degrade device protection. This matters all the more because many IoT devices communicate over 2G or 3G networks by default.
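As an added illustration (not FirstPoint's code, and not a description of how its SIM applet or overlay core actually works), the following Python sketches the kind of detection policy the applet description and the 5G discussion above allude to: a stream of constructed modem telemetry events is checked for an abrupt fallback from 4G/5G to 2G and for an unciphered legacy link, and a simple allow/block decision is derived from the alerts. The event fields, the time window, and the sample data are all assumptions made for this example.

```python
from dataclasses import dataclass
from typing import List, Optional

# Generation ranking used to recognise a fallback to older radio tech (assumption).
RAT_RANK = {"2G": 2, "3G": 3, "4G": 4, "5G": 5}

@dataclass
class NetEvent:
    ts: int          # seconds since start of the capture
    rat: str         # radio access technology the modem reports
    cell_id: str     # serving cell identifier
    ciphered: bool   # whether the modem reports an active link cipher

@dataclass
class Alert:
    ts: int
    kind: str
    detail: str

def evaluate(events: List[NetEvent], window: int = 120) -> List[Alert]:
    """Flag 4G/5G -> 2G fallbacks within `window` seconds and unciphered 2G/3G links."""
    alerts: List[Alert] = []
    prev: Optional[NetEvent] = None
    for ev in events:
        if ev.rat not in RAT_RANK:
            continue  # ignore unknown or no-service readings
        if (prev is not None and RAT_RANK[prev.rat] >= 4 and ev.rat == "2G"
                and ev.ts - prev.ts <= window):
            alerts.append(Alert(ev.ts, "downgrade",
                                f"{prev.rat}->2G in {ev.ts - prev.ts}s on cell {ev.cell_id}"))
        if ev.rat in ("2G", "3G") and not ev.ciphered:
            alerts.append(Alert(ev.ts, "no_cipher",
                                f"unciphered {ev.rat} link on cell {ev.cell_id}"))
        prev = ev
    return alerts

def decide(alerts: List[Alert]) -> str:
    """Minimal policy: block the device's traffic while any alert is open."""
    return "block" if alerts else "allow"

# Constructed sample telemetry for the example; not captured from a real device.
SAMPLE = [
    NetEvent(0, "5G", "A1", True),
    NetEvent(30, "5G", "A1", True),
    NetEvent(45, "2G", "ZZ9", False),   # sudden fallback to an unknown cell, no cipher
    NetEvent(400, "4G", "A2", True),    # service restored
]

if __name__ == "__main__":
    found = evaluate(SAMPLE)
    for a in found:
        print(a.ts, a.kind, a.detail)
    print(decide(found))
```

A real deployment would also correlate the serving cell against known cells for the area and feed the alerts to the dashboard or SIEM the text mentions; this sketch only shows the per-device heuristic.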

With so much attention today paid to network and device protection, it’s wise for companies to think about what happens to those devices when they’re off the corporate network and communicating via cellular signals—and what that means when those devices reconnect to the corporate network. It’s easy to fall into the trap of thinking that it's up to network operators to protect anything that communicates through their equipment, but that’s risky thinking. Protecting sensitive and proprietary data from adversaries and criminals should be a top-line priority for organizations of all types. But especially for those working in critical infrastructure that need high assurance that their devices and employees are protected, no matter where they are geographically or how they’re connecting, FirstPoint deserves a hard look.