3-DAY TRAINING 6 – Hacking Mobile Networks with Software Defined Radios


CAPACITY: 20 pax


USD2999 (early bird)

USD3599 (normal)

Early bird registration rate ends on the 1st of September


In this training we will cover security issues from 2G to 4G networks, specifically focusing on the air interface portion of the network. We will cover the various attack surfaces for the cellular network and protocols which allows us to show the impact of various vulnerabilities. We will also include a portion on security of 5G networks and will introduce the progress of 3GPP SA3 standardization.

This course will be a combination of theory introduction and also hands-on practical experiments with SDRs. We will use SDR hardware tools, such as USRP, and open source projects related to cellular networks to analyze the existing signals, and also to allow you to build your own fake base stations! All SDR hardware will be provided.

Who Should Attend

Anyone that has an interest in cellular network security, for example security engineers in telecom operators, telecom manufactures, IoT device developers who use cellular network links, etc.

Key Learning Objectives

  •  Understand the fundamental architecture of SDR systems
  •  Get a birds eye view of the whole SDR-based cellular projects
  • Become familiar with common security concerns and attack surfaces in wireless communication systems

Prerequisite Knowledge

  • Basic knowledge of telecom & network principles
  • Basic knowledge of digital signal processing
  • Basic skills and usage of Linux

Hardware / Software Requirements

Attendees should have a modern (Intel core i7 is great) laptop with at least two USB ports with at least one of them being USB3. We will bring USRPs for the experiments however if you have your own device, you are welcome to bring it with you as well.


Day 1

Overview of cellular network security

  • Introduction of cellular network architecture
  • Overview of attack surface

SDR architecture and available tools in market

  • SDR hardware tools
  • Overview of useful open source projects

Day 2

2G network security

  • Classic 2G vulnerabilities
  • Experiment: build your own fake 2G base station and hijack an IoT device’s data traffic

3G network security

  • 3G network vulnerabilities and introduction of Osmocom Accelerate3g5 platform

Day 3

Security issues in 4G

  • Experiment: Implementation of 4G IMSI catcher
  • Introduction of the implementation of 4G ‘Ghost Telephonist’ attack

3GPP 5G standard progress related to security

Location: Date: October 29, 2018 Time: 9:00 am - 6:00 pm Lin Huang