Skip to main content

VIDEO: Forcing A Targeted LTE Cellphone Into An Eavesdropping Network

posted onJune 23, 2016
by l33tdawg

LTE is a more advanced mobile network but not absolutely secure.

In this presentation, we will introduce a method which jointly exploits the vulnerabilities in tracking area update procedure, attach procedure, and RRC redirection procedure in LTE networks resulting in the ability to force a targeted LTE cellphone to downgrade into a malicious GSM network where an attacker can subsequently eavesdrop its voice calls and GPRS data.

We used LTE software plus USRP to verify this attack. Some open source projects, such as OpenLTE and Open Air Interface, can be modified to realize this attack. In this presentation, we will:

1.) Introduce the vulnerabilities in LTE RRC and NAS signaling

2.) Discuss the tricks in EMM cause setting

3.) Demonstrate the attack to the audience by video

4.) Present some defense proposals.

This attack is not a simple DoS attack. We can select the targeted cellphone by filtering the IMSI number, so it will not influence the other cellphones and keep them still in the real network. We can force the cellphone into the malicious network and it has no chance to choose other secure network.

Source

Tags

HITB hitb2016ams Privacy Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th