We are proud to announce that after lots of work we are adding a new capability to our IoT Testing portafolio: 2G. With our new cellular network we have full visibility of Voice, SMS and Data transmitted using this technology.

IoT 2G Attack surface

Until now, our clients had to trust the device manufacturers on what what was being transmitted over the 2G interface or perform a full source code analysis. By using our own cellular network in an EMF shielded room or tent, SevenShift now has control of the 2G network, allowing us to see and attack all communications.

SevenShift 2G Network equipment

 

 

Why 2G, in a world where many other faster protocols are available?

Costs are an important factor in IoT, especially consumer IoT, where the manufacturers try to keep the unit cost as low as possible. This allows them to reduce the price on the devices and of course increase their margin.
The initial cost of the modem / communication modules have a great weight in this area, for example we found this pricing overview here, which illustrates the point:

 

SigFox (TD1207R) LoRaWAN (RN2483)
2G
(u-blox SARA G350)
3G
(u-blox SARA U270)
WiFi
(Cypress BCM43362)
11,00 €
12,43 €
11,56 €
29,18 €
10,48 €

 

As you can see, using a 3G modem more than doubles the price of a 2G modem.
The table above is by no means up to date and will vary depending on the manufacturer and unit count, but it gives us a good idea.

What can we do with the new 2G capabilities?

We are now in the position to perform all the tests we are used to perform for other IP based technologies:

  • Create an accurate communication matrix of the device: with whom, why and how it communicates with.
  • Perform Man in the Middle (MiTM) attacks
  • Verify correct use of encryption, including correct usage and validation of SSL / TLS certificates
  • Attack the device via the 2G interface
  • Emulate any GSM network and observe the behavior
  • And much more…

If you want to book 2G tests for your devices, contact us now.