Set of tools and documentation for leveraging private APNs for mobile network traffic analysis
Presented at DEF CON 32 on August 9 2024
DEF CON 32 YouTube: Coming soon!
Mobile devices connect to the Internet using mobile networks provided by Internet Service Providers (ISPs). The devices connect to the ISP mobile networks with Access Point Names (APNs) that is usually just "Internet" and just connects the device directly to the Internet.
Many ISPs have begun offering private APNs to allow you to have a private network inside the ISP infrastructure. By renting a private APN and redirecting all device traffic to your own server, you can easily intercept and tamper with mobile device network traffic.
This repository has instructions and tools on how to do this.
| ISP | Private APN cost | Country | Data cost | Network operator | Can force APN settings? | Notes |
|---|---|---|---|---|---|---|
| 100€ setup + 140€/month | EU(/Global) | ??? | ??? | No, APN settings must be set on SIM/device | Not thoroughly tested outside Finland | |
| 100€ setup + 140€/month | Finland | 5€/month for slow, 1.5€/day when used for fast | Telia | Yes, if set on the private APN configuration | ||
| $10 setup + $0.75/hour | Global | Soracom carriers & pricing | Soracom carriers & pricing | No, APN settings must be set on SIM/device | Some network operators don't seem to need proper APN settings, See "Soracom Finland". Not thoroughly tested outside Finland | |
| $10 setup + $0.75/hour | Finland | $0.05/MB | Telia & DNA | Yes, by default | Even though Soracom says to use their APN settings, on this network device APN settings don't seem to matter at all and the device connects to the private APN with any APN settings | |
| $10 setup + $0.75/hour | Finland | $0.05/MB | Elisa | No, APN settings must be set on SIM/device | ||
This means that the ISP/Network operator will not care what APN settings the device has configured and will redirect the device to the private APN anyway. For example, with the following setting on the ISP configuration:
First select the ISP you want to use from the above list. Click the ISP name for documentation on how to set up the Private APN and connect it to your server. In the instructions AWS based cloud server is used.
After connecting the private APN to your server you can either monitor the traffic on the server of connect the devices to other computers through a WireGuard tunnel:
You can setup the WireGuard connections with the setup found in