MCH2022

OpenRAN – 5G hacking just got a lot more interesting
2022-07-23, 14:00–14:50, Abacus 🧮

Many 5G networks are built in fundamentally new ways, opening new hacking avenues.
Mobile networks have so far been monolithic systems from big vendors. Networks are rapidly changing to an "open" model that mixes software from specialized vendors, hosted in cloud environments.

The talk dives into the hacking potential of the technologies needed for these open networks. We illustrate the security challenges with vulnerabilities we found in real-world networks.

Video: https://media.ccc.de/v/mch2022-273-openran-5g-hacking-just-got-a-lot-more-interesting


Background

Mobile networks are undergoing a paradigm shift from single-vendor monoliths to open cloud environments. Telco software now comes from different vendors and is installed on commodity hardware.

OpenRAN is being introduced in many (not all) 5G networks globally. Operators hope that OpenRAN will be more flexible and cheaper. But what about security?

To make mobile networks flexible and scalable, OpenRAN adds complex IT technologies. Many components are run on Linux in Docker containers on top of Kubernetes, adding multiple layers of possible hacking interference.

Mobile networks also become easier to test, including for pentesters with experience in web apps and cloud environments. This talk explores how we can best use this new accessibility.

What we discuss

1. Technology overview. Which technologies are used in OpenRAN?

2. Virtualization security. How can hackers abuse cloud technologies that underpin future mobile networks?

3. Pentest/hacking advice. How do you test whether a network uses necessary security measures?

4. Tales of caution. Vulnerabilities we found in real-world networks.

See also: Slides

Karsten is a cryptographer and security researcher. He likes to test security assumptions in proprietary systems and typically breaks them. Karsten is the Chief Scientist at SRLabs in Berlin where his professional work includes testing telcos for hacking issues.