Taddong - Security in GSM/UMTS (2G/3G) mobile communications


Experience and deeply understand the information security risks involved in using GSM/UMTS mobile communications.


Taddong - Security in GSM/UMTS (2G/3G) mobile communications

More than 3.000 million users in more than 200 countries use 2G/3G mobile communications daily to carry out conversations and data transfers. But, are these communications secure?

In the last few years, multiple vulnerabilities and practical attacks against GSM/UMTS have been published. These attacks demonstrate that we cannot simply assume that GSM/UMTS communications are secure. What would happen if an attacker could listen to telephone calls made by high-level members of your organization, such as the CEO or a member of the board of directors? Or manipulate sent and received SMS messages? Or intercept the data communications of a GPRS terminal?

Discover in this course what the existing known vulnerabilies and attacks against GSM/UMTS (2G/3G) are, see with your own eyes some of these attacks in action, deeply understand the concepts and techniques behind these attacks, and realize what your organization can do to protect its mobile communications. Learn all of this in just three days of intensive training, directly from two experts on the field and authors of this course: David Perez & Jose Pico.


Taddong - Security in GSM/UMTS (2G/3G) mobile communications

Taddong - Security in GSM/UMTS (2G/3G) mobile communications

1. Introduction

2. Security in GSM (2G) communications

  • GSM Concepts
    • General architechture of a GSM network
    • The physical layer
    • Radio Resource management (RR)
    • Mobility Management (MM)
    • Short Message Services (SMS)
    • Security in GSM
  • Known attacks against GSM communications
    • Passive attacks
    • Active attacks
    • Other attacks
    • Commercial systems
  • Practical demonstrations

3. Security in 2G data communications (GPRS/EDGE)

  • GPRS Concepts
    • Introduction to GPRS
    • The physical layer
    • Radio Resource management (RR)
    • Logical Link Control (LLC)
    • GPRS Mobility Management (GMM)
    • IP addressing
    • Security in GPRS/EDGE
  • Known attacks against GPRS/EDGE communications
  • Practical demonstrations

4. Security in UMTS communications

  • UMTS Concepts
    • Introduction to UMTS
    • The physical layer
    • Mobility Management (MM)
    • Security in UMTS
  • Known attacks against UMTS communications
  • Practical demonstrations

5. New technologies: security aspects

  • 4G
  • Long Term Evolution (LTE)
    • Introduction to LTE
    • E-UTRA
    • E-UTRAN
    • SAE
    • Advanced LTE
    • Security aspects

6. Recomendations, best practices and risk mitigating actions


3 days

Upon finishing the course you will be able to (course objectives):

Taddong - Security in GSM/UMTS (2G/3G) mobile communications

  • Describe all known vulnerabilities in GSM/UMTS (2G/3G) networks
  • Describe all known attacks against GSM/UMTS networks and their associated impact
  • Describe available protection measures to improve the security of GSM/UMTS communications
  • Design a security policy for mobile devices, tailored to your organization's needs, to effectively protect its GSM/UMTS (2G/3G) mobile communications

Aimed at:

Taddong - Security in GSM/UMTS (2G/3G) mobile communications

  • Chief Security Officers (CSO)
  • Chief Information Officers (CIO)
  • Security analysts
  • Security consultants
  • Security auditors
  • Experts in ethical hacking

Previous knowledge required:

  • Basic understanding of networking and communications.
  • It is not necessary to have any previous knwoledge about GSM/UMTS (2G/3G) network communications. All concepts needed to understand the vulnerabilities, attacks and countermeasures will be explained in detail during the course, without assuming any previous knowledge about it by the student.

Educational methodology:

The contents will be presented by the authors of the course, with the help of audiovisual media and a communications laboratory which will be used to perform the practical demonstrations of the most relevant attacks. This laboratory includes a Faraday cage to avoid radiating into the open air.

The number of students per session will be limited to a maximum of 15, so that personalized attention will be guaranteed.

Materials that will be given to the students:

At the beginning of the course, the student will receive printed documentation containing all the information that will be covered during the course.

Materials that the students should provide:


Reasons to attend this course:

Attending this course will be useful to you if you:

  • Want to deeply understand the concepts behind known vulnerabilities and attacks against 2G/3G mobile communications
  • Are interested in being able to distinguish between known attacks that are possible only in theory and those that are feasible in practice
  • Need to know the risk that an organization is taking by using 2G/3G mobile communications
  • Require to determine the probability of each type of attack according to possible attacker profiles
  • Desire to know and be able to define a set of best practices assuring the secure use of mobile communications for your organization
  • Have to state and argue the need of implementing a mobile communications security policy within your organization
  • Hold some responsability regarding information security and its associated risk management in your organization

Copyright © 2011 Taddong S.L.