On This Page

Attacking 2G/3G Mobile Networks, Smartphones and Apps

Pedro Cabrera & Simon Roses Femerling | March 28 - 29


This 2 day hands-on course will cover the following topics:

Day 1: Attacking 2G/3G mobile networks and smartphones

  • Introduction to Software Defined Radio and graphical analysis of mobile spectrum
  • 2G interception attacks on hopping channels with A5/1 rainbow tables: physical and cryptographic attacks
  • Capturing 3G traffic: Circuits and Packets domains analysis
  • 2G Denial of service attacks: targeting subscribers and networks
  • Messaging; Silent & binary SMS
  • 2G impersonation attacks with custom SIM cards
  • 2G Geolocation attacks
  • Fake 2G and 3G stations: Interception, IMSI Catching and DoS
  • Detecting fake cells
  • Attacking IMS networks and mobile VoIP applications

Day 2: Android & iOS Attacks

  • Android and iOS Platform and Apps Security (architecture, sandboxing, permissions, storage, and communications)
  • OWASP Mobile Top 10 and other common bugs
  • Rooting Android and Jailbreaking iOS
  • Attacks on mobile devices (At Transit & At Rest)
  • Reversing real Apps and malware
  • Identify bugs using static analysis tools
  • How to perform advanced dynamic analysis
  • Exploiting mobile Apps vulnerabilities

Who Should Take this Course

Penetration testers and InfoSec professionals, offensive-driven security staff and anyone interested in learning up-to-date mobile and mobile networks hacking.

Student Requirements

  • Basic knowledge running Linux and command line tools.
  • Basic 2G and 3G mobile networks architecture and protocols knowledge

What Students Should Bring

Students will need to bring their own laptop with:

  • Wired or Wireless network card
  • 4GB of RAM or more (8GB recommended)
  • 3 USB ports available
  • Ability to run a virtual machine (VMWare Player, Workstation, Fusion)
  • Any jailbroken mobile devices to be used in class iPhone/iPad/iPod)
  • Samsung S2 or S3 rooted smartphone (Android)
  • We will provide Linux images with all the tools needed
  • Any SDR board could be used, but we strongly recommend to bring your HackRF, BladeRF, USRP or any Gr-osmoSDR hardware

What Students Will Be Provided With

  • A Linux image with all the tools needed for the class
  • PDF version of the slide deck
  • PDF Course Lab write-up
  • OsmocomBB mobile phone and non-standanrd baud-rates serial cable
  • Writable SIM card and Card Reader/Writer
  • SDR boards; HackRF, BladeRF and USRP
  • A rtl-sdr dongle with a quad-band omnidirectional antenna (students will keep it)


Simon Roses Femerling holds a B.S. from Suffolk University (Boston), Postgraduate in E-Commerce from Harvard University (Boston) and Executive MBA from IE Business School (IE, Madrid). He is currently CEO at VULNEX, driving security innovation. Former Microsoft, PriceWaterhouseCoopers and @Stake. Simon has authored and cooperated in several security Open Source projects like OWASP Pantera and LibExploit. He has also published security advisories in commercial products. Simon was awarded with a DARPA Cyber Fast Track (CFT) grand to research on application security. Frequent speaker at security industry events including Black Hat, DEFCON, RSA, HITB, OWASP, SOURCE. DeepSec and Microsoft Security Technets. CISSP, CEH & CSSLP. Blog: www.simonroses.com