Challenges

Mobile network expose information like location as a service to employees, customers and partners. Those exposure APIs need to be properly secured to avoid data leakage. Our challenge focuses on the security of the edge computation.

The edge computing APIs will be used for many critical use cases e.g., traffic management, critical private infrastructure, logistics, etc.

The hackers should get themselves familiar with ETSI MEC Location API and the security used in those standards. Json API knowledge should exist. The hacker should have an understanding of identities used in a 4G/5G network. The API is accessed from a mobile device for a user belonging to a certain security group “low level”.

The hackers should try to get the location of devices belonging to a “high security level” group based on the information from the MEC API specification and the “low level” access. Discover key weaknesses of the current MEC location API and its implementation.

This is one rare opportunity to hack into a 5G network and edge computing, a technology that is used all over the world and in many critical use cases. It gives the opportunity to gain understanding of this technology and its security challenges.

About the company

Aalto: We have unique 5G/6G own private network with cutting edge features such as MEC, slicing, TSN, 5GLAN some of them not available in commercial networks.

Fortum: Fortum is a major energy provider in the Nordics and investigating constantly new technologies.

PricewaterhouseCoopers (PwC): We support organisation in securely using 5G and complying to security regulations for 5G networks and critical infrastructure.

Prizes for winner

Total bounty in the challenge is 10 000€. The bounty is divided between three best teams so that 1st team gets 5000€, 2nd 3000€ and 3rd 2000€. 

In the simulated attack the participants are invited to penetrate the defenses of a Company X private 5G network deployment, which is based on Nokia's Digital Automation Cloud (DAC) platform. The DAC platform consists of core network, a radio access network, and an edge computing platform, which can host various applications and services for the network users. 

The participants are given access to the outer perimeter of the private 5G network, which is available to an attacker who has already managed to enter the physical premises of Company X and internal network. The customer is an industrial company that has digitalized its key business processes and their business is dependable of the 5G network. The participants can access all customer-intranet-facing network interfaces, such as the management interface of the DAC platform, the user plane interface of the radio access network, and the application interface of the edge computing platform. The participants can also use a server application for bandwidth measurement from Nokia's App Collection, which is running on top of the Mission Critical Industrial Edge (MXIE), the edge computing platform of the DAC. The bandwidth measurement application serves as a means to see what throughput a user of the network achieves.

Private networks are networks that are isolated from the public internet and only accessible by authorized users. Critical use cases are business processes that have high stakes and require reliable, secure, and efficient performance. Our customers are involving their most critical use cases and private networks because they offer many benefits and enhanced security.

The main objectives of the challenge are to:

• Gain access to any services you should not be able to access in the way you do it.
• Reach, breach, or map out any internal network or component you should not have access to.
• Reconfigure, change the state of any component of the solution, in any way.
• Install anything, delete anything, break anything.
• Impact the service level for other users – or operators – of the network. Maybe you manage to deny it completely?
• Have fun and learn from the experience.

The teams are valuated mainly by the findings and used methods and effort put to challenge. But the level of innovation, attitude and team spirit are also taken into account.

Based on everything described above, you'll have the opportunity to delve into cutting-edge private wireless technology. Your task will be to disrupt a real-life use case from an industrial company, offering a hands-on experience like no other. You'll witness in real-time the impact of your actions on the system you're hacking. Plus, there's the thrill of the challenge and the chance to be rewarded for your success. Get ready for an exhilarating adventure!

About the company

Private 5G networks are emerging as a key enabler for various industrial applications that require high performance, reliability, security, and customization. In this challenge, we have two partners who are leading the way in developing and deploying private 5G networks and solutions for critical use cases: Digita and Nokia.

Digita is a Finnish company that provides broadcasting, IoT, and network services. Digita is also a pioneer in private network business, as it plans, builds, and maintains private mobile 5G networks for industrial customers. Digita uses Nokia technology and is a Nokia expert level partner.

As a trusted partner for critical networks, Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. We create value with intellectual property and long-term research, led by the award-winning Nokia Bell Labs. Adhering to high standards of integrity and security, we help build the capabilities needed for a more productive, sustainable and inclusive world.

Prizes for winner

Total bounty in the challenge is 10 000€. The bounty is divided among three best teams, so that 1st team gets 5000€, 2nd 3000€ and 3rd 2000€. 

Ericsson is a leading provider of mobile connectivity solutions to telecom operators as well as enterprises in various sectors.  What we do is create high-performance, open and programmable networks that provide our customers with new paths to monetizing the network. This of course includes private 5G networks. 

We are providing security researchers and hackers the opportunity to test one of the key parts of the future in terms of radio access networks (RAN). We will be providing part of our CloudRAN portfolio as a target.

Cloud RAN is the separation of the RAN baseband software and the RAN baseband hardware. This baseband software can run on any capable commercial off-the-shelf (COTS) hardware, with or without integrated accelerators, utilizing cloud-native tools and processes to manage the software and hardware.

Going forward, there is a trend towards more distributed cloud infrastructure, private networks, and indoor 5G deployments. New opportunities and also use-cases that benefit from low latency and processing at the edge will emerge and Cloud RAN is an enabler of these future use-cases and revenue streams.

The telecom industry is looking towards the future of open, cloud based and programmable networks. 

This challenge offers a unique opportunity to get your hands on and test part of our CloudRAN portfolio. The objective is to discover vulnerabilities in the services we will be providing you access to. We will offer you deliberately chosen management services that are vital to security and also approachable for hackers without specific telecom knowledge. Are you able to hack your way in, escalate privileges or move laterally within the challenge target? We offer you a challenging target to test yourself against. 

Prizes for winner

Findings will be evaluated based on their impact in the context of a telecom network deployment and teams will compete for a total bounty of 10 000€. The bounty will be divided between the three best teams so that 1st team gets 5000€, 2nd 3000€ and 3rd 2000€.