Threat Category: Carrier Infrastructure
ID: CEL-30
Threat Description: Operational and Access Management (OAM) networks enable remote management of carrier infrastructure components. Unauthorized access to OAM networks can allow intentional misconfiguration of the communication components.
Threat Origin
LTE Architecture Overview and Security Analysis (Draft NISTIR 8071) 1
Exploit Examples
Attacking BaseStations - an Odyssey through a Telco’s Network 2
CVE Examples
Not Applicable
Possible Countermeasures
Use of strong passwords
Properly wipe and dispose of old network equipment
Ensure that baseline industry recommended practices for information system security are implemented and validated
References
J. Cichonski, J.M. Franklin, and M. Bartock, NIST Special Publication 800-187: Guide to LTE Security, National Institute of Standards and Technology, 2017; https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-187.pdf [Accessed 3/29/2022] ↩
H. Schmidt and B. Butterly, Attacking BaseStations - an Odyssey through a Telco’s Network, presented at DEFCON 24, 7 Aug. 2016; https://media.defcon.org/DEF CON 24/DEF CON 24 presentations/DEFCON-24-Hendrik-Schmidt-Brian-Butter-Attacking-BaseStations.pdf [accessed 8/23/2016] ↩