A Security Research Journey: how the mobile industry met hackers in the middle

The mobile industry has always had a relationship with the hacking community and it has often been collaborative when it comes to protecting consumers.

This is the first time that the mobile industry has spoken about its work with the security research community which started with very informal relationships with hackers and developed into the world’s first cross-industry Coordinated Vulnerability Disclosure (CVD) scheme. The scheme that has run since 2017 has had 70 submissions affecting technologies used by the entire mobile industry. The resulting fixes have saved end users from major pain through the avoided exploitation of the disclosed vulnerabilities.

The speaker will take the audience on a journey through mobile hacking history from the industry’s point of view. Highlights include SS7 signalling attacks and rogue base stations through to femtocell hacks, LTE network breaches and lots of clever device hacking as well as some legendary names from the hacking world. The talk will focus on the technical details of the hacks, how we were able to address them as an industry; what went wrong and what we learnt along the way. The talk will also look at where we can go together in the future and what types of technology challenges and issues we expect to see.