https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2022 Winter Showcase
    • IWCE 2023 Pre-event Guide
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2023 Pre-event Guide
    • IWCE 2022 Winter Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


Partner content

The next wave of wireless security worries: API-driven IoT devices

The next wave of wireless security worries: API-driven IoT devices

  • Written by Rob Pegoraro / Light Reading
  • 23rd August 2022

LAS VEGAS – Wireless carriers may be the next cast of characters to learn the hard way about the security risks created by IoT devices. This warning came in a recent briefing at the Black Hat information-security conference here by Altaf Shaik, a senior security researcher at Technische Universität Berlin.

“There is increased threat when it comes to 5G, and the impact is also quite bigger because here the hacker gets to target the industry and not just a single user,” Shaik said at the start of this 40-minute presentation.

The core issue here is 5G’s utility in connecting not just people (who stand to get notable privacy upgrades with 5G, as Shaik explored in a presentation at last year’s Black Hat conference) but machines. Carriers are now moving to turn that latter feature into new lines of business by offering IoT services to businesses that these customers can manage directly through new APIs.

“For the first time, 4G and 5G networks are trying to bring this network exposure,” Shaik said. “The proprietary interfaces are now changing and slowly moving to generalized or commoditized technologies like APIs.”

“So now any external entity can actually control their smart devices by using the service APIs and going through the 4G or 5G core network,” Shaik said, citing a Vodafone test of drones in Germany. “This exposure layer provides APIs and shares information for the drone control center.”

Carriers sell these IoT services to businesses (as verified with a tax ID) willing to buy IoT SIMs in bulk purchases of a thousand or more. These business customers, in turn, can manage these SIMs through an IoT connectivity management web interface, with an IoT service platform web interface providing account-wide controls.

“You can do plenty of stuff, provided you have access to these APIs,” summed up Shaik.

Open to compromise

However, poorly configured or administered APIs can open the IoT devices of other customers and even perhaps a carrier’s core network to compromise. For example, an attacker could start by exploiting vulnerabilities “to gain data of arbitrary users hosted on the same platform,” then attempt to compromise a carrier’s application server – and then possibly “penetrate from there into the mobile core network, because they are connected,” Shaik continued.

He and fellow researchers Shinjo Park, also with Technische Universität Berlin, and Matteo Strada, with NetStudio Spa, tested this by purchasing IoT SIM cards from nine services and then testing them for possible weaknesses.

To read the complete article, visit Light Reading.

 

Tags: 5G Applications Companies Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Incident Command/Situational Awareness Internet of Things Internet of Things Interoperability IoT/Smart X Long Term Evolution (LTE) News Public Safety Security Software State & Local Government Subscriber Devices System Design System Operation Test & Measurement Tracking, Monitoring & Control Wireless Networks Partner content

Most Recent


  • IWCE 2023
    Safer Buildings Coalition annual meeting held at IWCE 2023
    A common theme ran through the Safer Buildings Coalition’s annual meeting Monday night during IWCE 2023 at the Las Vegas Convention Center—strength through collaboration. “The perception is that the challenge is ‘out there,’ and someday, maybe the challenge will come here,” said Billy Bob Brown Jr., executive assistant director for emergency communications within the Cybersecurity […]
  • The next wave of wireless security worries: API-driven IoT devices
    IWCE speakers debate state of public-safety interoperability
    LAS VEGAS—Achieving comprehensive interoperability for mission-critical communications used by U.S. public-safety agencies continues to be an elusive goal, according to speakers addressing the topic during a Monday session at the IWCE 2023 event in Las Vegas. Some view interoperability as the technical ability for one person to communicate with another, no matter what device or […]
  • UK competition watchdog delays Airwave-Motorola Solutions ruling until April
    The Competition and Markets Authority (CMA) in the UK today announced that it plans to issue its final decision in April as part of an investigation of the Airwave TETRA network—a ruling that could investigation that could cost Motorola Solutions more than $1 billion in projected revenue during the next several years. CMA made the […]
  • AT&T claims LTE coverage edge, FirstNet build more than 99% done
    AT&T claims a 250,000-square-mile coverage advantage and that the planned five-year deployment of the FirstNet public-safety broadband network operating on the 700 MHz Band 14 spectrum licensed to the FirstNet Authority is more than 99% complete as a contractual deadline approaches this week. AT&T—the contractor responsible for building and maintaining the FirstNet public-safety broadband system—made […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • From integrating new technologies to staffing shortages, report highlights challenges faced by 911 answering centers
  • Coalition asks Senate leaders for $15 billion, borrowing authority for NG911
  • Expiring root certificates threaten IoT in the enterprise
  • Black Hat 2022: Adapting to the growing cyberthreat landscape

Commentary


Updated: How ‘sidelink’ peer-to-peer communications can enhance public-safety operations

  • 1
27th February 2023

NG911 needed to secure our communities and nation

24th February 2023

How 5G is making cities safer, smarter, and more efficient

26th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Gallery: More presentations as IWCE enters second day dlvr.it/Sldj1c

29th March 2023
UrgentComm

Safer Buildings Coalition annual meeting held at IWCE 2023 dlvr.it/SldfdR

28th March 2023
UrgentComm

The Future of Interoperability for Dispatch Console Solutions dlvr.it/Slcp33

28th March 2023
UrgentComm

RT @IWCEexpo: A look in at the Panel Session of Interconnected Critical Networks - Voice, Video and Data Interoperability... #IWCE23 http…

28th March 2023
UrgentComm

RT @IWCEexpo: Wildfires are a growing concern, but technology can offer solutions. Fantastic panel moderated by @FirstNetGov this morning a…

28th March 2023
UrgentComm

IWCE speakers debate state of public-safety interoperability dlvr.it/SlcZ5L

28th March 2023
UrgentComm

UK competition watchdog delays Airwave-Motorola Solutions ruling until April dlvr.it/SlcNxN

28th March 2023
UrgentComm

Gallery: IWCE 2023 kicks off in Las Vegas dlvr.it/SlZlk4

28th March 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.