Testing a device’s WCDMA interface


  • Need to identify attack surface of a device that has a cellular interface (phone, IoT)
  • Want to know and understand any call home functionality (IPSEC, SSH,etc)
  • Scan for network daemons that might be listening on the cell interface. In real world cell provider might be blocking network traffic.
  • Verify firewall rules are working
  • MitM opportunities
  • This setup is not a cellular downgrade attack

Details are in this slide.