Let me answer that for you: exploiting broadcast information in cellular networks

Authors:
Nico Golde;Kévin Redon;Jean-Pierre Seifert
Affiliations:
Technische Universität Berlin and Deutsche Telekom Innovation Laboratories;Technische Universität Berlin and Deutsche Telekom Innovation Laboratories;Technische Universität Berlin and Deutsche Telekom Innovation Laboratories
Venue:
SEC'13 Proceedings of the 22nd USENIX conference on Security
Year:
2013

Citing 10
Cited 0

Real Time Cryptanalysis of A5/1 on a PC

FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Exploiting open functionality in SMS-capable cellular networks

Proceedings of the 12th ACM conference on Computer and communications security
Impact of paging channel overloads or attacks on a cellular network

WiSe '06 Proceedings of the 5th ACM workshop on Wireless security
Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication

Journal of Cryptology
On the detection of signaling DoS attacks on 3G/WiMax wireless networks

Computer Networks: The International Journal of Computer and Telecommunications Networking
On cellular botnets: measuring the impact of malicious devices on a cellular network core

Proceedings of the 16th ACM conference on Computer and communications security
SMS of death: from analyzing to attacking mobile phones on a large scale

SEC'11 Proceedings of the 20th USENIX conference on Security
Baseband attacks: remote exploitation of memory corruptions in cellular protocol stacks

WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies
M2M Communications: A Systems Approach

M2M Communications: A Systems Approach
New privacy issues in mobile telephony: fix and verification

Proceedings of the 2012 ACM conference on Computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Mobile telecommunication has become an important part of our daily lives. Yet, industry standards such as GSM often exclude scenarios with active attackers. Devices participating in communication are seen as trusted and non-malicious. By implementing our own baseband firmware based on OsmocomBB, we violate this trust and are able to evaluate the impact of a rogue device with regard to the usage of broadcast information. Through our analysis we show two new attacks based on the paging procedure used in cellular networks. We demonstrate that for at least GSM, it is feasible to hijack the transmission of mobile terminated services such as calls, perform targeted denial of service attacks against single subscribers and as well against large geographical regions within a metropolitan area.