Glossary of terms

#

A partnership project bringing together national Standards Development Organizations (SDOs) from around the globe initially to develop technical specifications for the 3rd generation of mobile. 

A

A network function that handles UE registration, NAS signalling context, UE mobility management e.g., tracks UE location and provides mobility events to other NF. The functionality of the AMF resembles the one of the 4G MME.

The term Advanced Persistent Threat (APT) denotes a highly sophisticated attack campaign typically associated with a nation-state or state-sponsored entity able to conduct complex attacks gaining and exploiting system access for an extended period of time. Attacks associated with APTs often involve multiple effects and distinct stages (sometimes referred to as the APT ‘life-cycle’) in respect of targeted system(s), the ultimate aim of which is generally the covert exfiltration of sensitive data. APTs can be comprehensively planned and prepared and they characteristically employ measures to obfuscate intrusions and avoid detection over time.

An organization providing connectivity between Message Generators and Mobile Network Operators.

Messages that are sent from a computer or application on behalf of companies or brands who wish to communicate with customers. Examples include one-time passwords, delivery notifications, reminder text messages, and solicited advertisements. 

B

SMS messages typically used to send rich media files. They can also be used to update system settings or to activate WAP data. Attackers utilize binary SMS in 2G, 3G and 4G networks for location tracking and other attacks. 

C

A cloud-based platform offering services and APIs that enable communication between brands and their customers. The chat box on a brand’s website is an example of a CPaaS. 

According to NIST (2021), cyberspace is: the interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries.

The term cyberwarfare is widely used in a generalized sense to refer to cyberattacks executed by one state against another with the intent to cause harm or otherwise negate the objectives or interests of the state or country targeted. While cyberwarfare is sometimes distinguished from cyber espionage or cybercrime as operations carried out specifically to destroy or disable a target to further political objectives, it is generally used in a broader sense to denote state-level hostile action aimed at achieving effects in and/or via cyberspace.

D

A DoS attack is designed to take the device off the network and prevent access to service. It is usually originating from one source, unlike Distributed Denial of Service attacks that have many sources and are more difficult to block. Read More>

A protocol providing authentication, authorization, and accounting (AAA) messaging services, which act as the foundation for service administration within the telecoms industry. Notably, it is used for control for LTE/4G networks and subscribers. 

A DDoS involves bombarding a targeted network and surrounding infrastructure with a flood of internet traffic to trigger widespread service disruption, preventing the intended users from accessing the network. These types of attacks are often carried out by financially motivated organized crime groups (OCGs), who will use distributed denial-of-service attacks to blackmail providers. 

E

Electronic Warfare (EW) involves weaponizing the electromagnetic spectrum for monitoring and disrupting the enemy’s military radio signals in an offensive or defensive capacity.

IP architecture used on LTE networks which allows for converged voice and data capabilities. An important function of the EPC is to authenticate and authorize subscribers to access and use network services. 

F

A network security tool configured to assess, monitor and filter network traffic based on an organization’s security policies. It provides the organization with a layer of protection against unwanted or malicious traffic.

A SMS worm which exploits a vulnerability on Android devices to steal a user's banking credentials, passwords, and contacts. Self-propagates by sending phishing messages containing a malware link to the contacts of an infected device. Read More >

In military science, a force multiplier is a factor or means by which military capabilities are substantively or effectually enhanced through the integration of an additional component which can be a capability in its own right, extending, improving, or otherwise additionally supporting mission-critical processes, military strategic effects, and operational and tactical outcomes on the battlefield. For example, in warfare, the integration of mobile telecom-enabled attacks with conventional military capabilities can serve as a force multiplier where effects such as signaling-enabled Denial of Service (DoS), real-time location acquisition of targets, or interception of communications can be used to enhance military targeting, potentially enabling more targets to be identified (than were otherwise possible) and more accurate strikes to be achieved. 

G

The Global System for Mobile Communications (GSM) Association represents the interests of mobile network operators and telecommunication service providers worldwide.

A Grey Route is network traffic that is in violation of the operator’s terms and conditions regarding commercial messaging. It is SMS traffic that enters mobile networks through unauthorized channels, transmitting alerts, notifications, and marketing messages.

H

Occurs when an actor infiltrates a device or system without being permitted to do so by the owner. 

The identity assigned by Enea AdaptiveMobile Security to a Russian mobile network Advanced Persistent Threat (APT) attacker.

This nation-state-backed threat actor uses globally dispersed mobile telecom nodes to actively sustain a capacity to remotely access the personal devices of targeted individuals around the world on an ongoing basis. Learn more about HiddenArt > 

A complex threat involving elements across any combination of four different dimensions: diplomatic, military, economic or technical. 

According to reporting from the Hybrid Centre of Excellence (2021), hybrid warfare refers to the combination of conventional military forces with other elements of power which are differentiated, very broadly, as diplomatic, economic and technological measures. In other words, Hybrid Warfare involves the combination of military and non-military means of power. It is strongly associated with the exploitation of vulnerabilities presented by the growing interconnectivity of systems globally. Accordingly, it naturally tends to be associated with cyber security threats and cyberwarfare, which might be considered elements of hybrid warfare. 

While the defining element of hybrid warfare can be said to be the use of conventional force, the term is sometimes applied to describe aggression by a state that does involve overt (or conventional) military attacks, such as the combined execution of information warfare, cyberwarfare, and espionage operations by a state against another for example. Learn more about the use of telecom networks in Hybrid Warfare >

I

A unique number identifying a GSM mobile subscriber. 

A set of rules dictating the format of data sent over the internet or local network. An IP address is used as a unique identifier for each device that is connected to a network. 

The web of interrelated devices and systems connected to a network, which interact and exchange data with each other through the internet. 

J

To modify a mobile device in a way that bypasses restrictions imposed by the manufacturer, allowing the user to acquire full access to the phone’s operating system. This is often done to iPhones, for example, so that the user can access apps that are not available in the App Store. There are security risks associated with jailbreaking a device in terms of data security and exposure to viruses. 

K

A term originating from military use that describes the structure of an attack, consisting of target identification, dispatching (of forces), decision, order, and destruction of the target. In cyber security the term kill chain is used to refer to the complete sequence involved in a phased attack from target acquisition to execution of effects (e.g. delivery of a payload) on a target. The concept has also been adopted to delineate advanced cyberattacks for the purpose of identifying the stages at which interdiction is possible and where defensive efforts may be focused (see Lockheed Martin’s ‘cyber kill chain’).  

L

The capturing and monitoring of a target whereabout's in real time typically by a nation-state actor or surveillance company (often acting as a proxy for the former) using signaling capabilities to exploit or simply bypass weak telecom network defenses. Targets tend to be selected based on the strategic value presented to the attacker, and in the most high-risk cases, are typically subject to well-resourced, highly sophisticated, long-term targeting campaigns. Discover how surveillance companies can track you using mobile networks>

M

A MO (Mobile Originated) SMS is a SMS that is sent from an originating handset to a SMSC.

A MT (Mobile Terminated) SMS is a SMS that has been received by a SMSC and is now being sent on the terminating leg to the recipient handset.

Malicious software installed onto a user's device, usually through downloading attachments or clicking unsecure links. Examples include ransomware, spyware, adware, trojans and worms.

Where the brains of the mobile operator reside, it is at the center of the network, directing and marshalling the user-plane traffic from the Radio Access Network, as well as being the interface to the rest of the world.

A Mobile Network Operator (MNO) manages all the components of a mobile network required to deliver mobile communication services to subscribers. 

A subscriber’s ability to change from one GSM network to another without needing to change their phone number.

Performs the switching functions of a Wireless Wide Area Network, connecting calls between subscribers by switching the digital voice packets between network paths.

Manages and stores user identities, mobility states, and user security parameters. Generates temporary identities and authenticates the UE. 

N

A building block within a network infrastructure, which has explicitly defined external interfaces and a definitive function. In 5G networks, a hacker compromising an edge network function connected to an operator’s service-based architecture could exploit a flaw in the design of network slicing standards to have access to both the operator’s core network and the network slices for other enterprises.

A functional layer in LTE that runs through the core network and user equipment (UE) layer. Its function is to manage signaling messages and traffic between UE and the core network, so that comms can be maintained as user equipment moves. 

O

Groups of bad actors who pool their resources and skills, working together to attack mobile networks. OCGs are primarily interested in using access to mobile core networks for interception of text messages to compromise 2FA security for financial gain. 

P

SMS messages sent from one person to another, as opposed to from application to person (A2P). 

A social engineering technique whereby an attacker tricks the victim into sharing sensitive information by pretending to be a trustworthy entity. 

Q

QOS controls and manages network resources by prioritizing certain types of data in a network, allowing organizations to meet traffic requirements and maintain a consistent and stable performance. 

R

A type of malware that hijacks the user’s device until a ransom is paid. This malware is often spread via SMS messages containing a link to download an infected file or application. 

S

A card containing a unique identification number which is placed inside of a mobile device. It stores the user's personal data and the device is unable to operate in its absence.

A method of re-routing communications to and from an alternative handset, by de-activating the SIM card linked to the subscriber's handset and activating a new one linking to an alternative handset. It is a method used by fraudsters to steal and abuse sensitive information, e.g a user's banking credentials.

The SMS Function (SMSF) is a 5G network function connected to the SBA. The SMSF supports SMS in 5G for SMS over NASx. It can be regarded as a frontend and interworking function towards an SMSC. The SMSF converts between 5G HTTP based SMS service-related API requests for MO-SMS and MT-SMS and 2G/3G MAP (mandatory) and 4G Diameter (optional). The architecture for SMS in 5G is defined in 3GPP TS 23.501 x, the procedures can be found in 3GPP TS 23.502 xi , while the technical details are in 3GPP TS 29.540.

SMS Roaming Fraud occurs when messages are intentionally intercepted while a subscriber is roaming. 

The signaling used to set up a voice call on a SS7 network, which the user does not have access to.

The voice call that takes place over a SS7 network, which the user has access to.

A number consisting of less digits than a normal phone number, often used as the SenderID of SMS and MMS messages. Frequently used by organizations to send customers high-throughput messages including promotional messages or two factor authentication messages.

The Short Message Service Center (SMSC), sometimes also called the SMS-C, SMS Centre or SMS-SC is a network node that can perform SMS-related actions like storing, forwarding, converting, and delivering SMS.

A node in a SS7 network that routes signaling messages based on their destination point code in the SS7 network.

Organizations that supply and manage the connectivity between mobile network operators and roaming partners, allowing mobile subscribers to use messaging and roaming services when travelling abroad.

A signaling system and international telecommunication protocol standard designed to generate reliable and billable events for the setup and control of voice calls.

A location tracking attack method of unprecedented sophistication, uncovered by Enea AdaptiveMobile Security in September of 2019.

In this attack method, a malicious mobile threat actor uses SMS to load malicious commands onto the SIM card on a targeted individual’s device, allowing the threat actor to bypass mobile network protection in place on more advanced network interfaces. Read more about Simjacker >

It is a type of phishing attacks that take place over SMS. Attackers often spoof the identity of a personal contact or legitimate organization, with the aim of extracting sensitive information from the victim. Read More>

A term encompassing all unsolicited messages, undesired by the recipient, whether there is malicious intent or not on the part of the sender. Examples span from unwanted marketing or promotional messages to malicious phishing and malware messages. 

A type of covert malware that gathers sensitive information about the user such as passwords, credit card information and location data. A user can unknowingly install spyware onto their device by clicking an unsecure link or downloading an infected file.

T

An aggregate of technologies, frequencies and communication protocols used to transmit information from one point to other points around the globe. 

U

Diameter packets used to change the designated location of a subscriber. Attackers may attempt to change the designated location of a subscriber to a fake location so that they can intercept subsequent communications to the subscriber. 

V

A database linked to one or more Mobile Switching Centres (MSCs), with exact location details of each mobile subscriber when they enter the service area covered by the associated MSC(s). The VLR allows visiting users to roam outside of their own coverage area, by using the information in its database to route calls to the correct base station.

W

Military conflict between two nations or groups of nations. 

Z

Software vulnerabilities which are known but not yet patched and can thus be exploited (zero-day exploit). 

Zero-Trust states that no actor can access a network unless their identity is fully authenticated and authorized. This model rejects the notion that we can grant access to actors based on an assumption that they are who and what they purport to be.