Mobile networks are used billions of times every day — not just for calls and messages, but for security- critical tasks like SMS-based two-factor authentication. Yet despite their importance, these systems still lack core security features. Legacy flaws and the burden of backward compatibility continue to expose even modern networks. State actors and law enforcement routinely exploit these gaps to intercept calls, unmask users, and track their locations — often needing nothing more than a phone number. In effect, everyone carries a real-time tracking device in their pocket.

Last week I gave a talk about mobile telecommunication security at my university. In my opinion, this is a majorly underselled security concern, so I wanted to share some information with all of you.

The presentation covered the 3 Attack Surfaces

  • User Equipments,
  • RF + Base-Stations and
  • the Core Network.

You can find the full slides here.