BSidesBCN21 - Privacy and Safety of NB-IoT Devices (Ali Abdollahi)

BSidesBCN21 - Day 2 - Sagrada Familia Track

Privacy and Safety of NB-IoT Devices (Ali Abdollahi)

With the widespread use of technology in daily life, as well as the need for society to use techniques to enhance work, the IoT definition and technology has developed. Today, the use of this technology is prevalent in various sectors, such as agriculture, IT, transport, etc.

Major privacy issues in IoT include authentication, identification, and device heterogeneity. After studying many threats and risks that have harmed this technology, experts have recognized the different factors such as sending plain text data, the potential to break into dashboards of management, authentication mechanism vulnerability, and so on.

In order to implement this technology in a safer and faster context, a new technology based on mobile cellular network called Narrowband Internet of Things was developed. This technology operates in the fourth mobile network generation and uses the relevant elements in these networks.

In this research, an effort has been made to investigate the vulnerabilities in these networks, especially in the radio filed, which is the most accessible subnet. To conduct this research, open-source tools such as OpenLTE and SDR, in an environment where the NB-IoT sensors were active in a LTE network were used. A listening device to receive exchange messages implemented. A Catcher to receive the transmitted values of IMSI based devices, which are considered active subscribers, has been setup. After this scenario, using rogue eNodeB, TAU messages are sent to NB-IoT sensors.

A finding from this experiment shows that the sensors have disabled due to lack of connection to the cellular network.

About Ali Abdollahi
Ali Abdollahi an Information security consultant with over 8 years of experience working in a variety of security fields. Currently the cyber security division manager, Board of review at Hakin9, Pentest &eForensic magazine and instructor at eForensic magazine. Ali is a self-confessed bug hunter, publisher of many vulnerabilities and CVEs, author of two books and some articles in field of cyber security. Ali is a regular speaker at industry conferences.