Unveiling the hidden dangers of public IP addresses in 4G/LTE cellular data networks

Authors:
Wai Kay Leong;Aditya Kulkarni;Yin Xu;Ben Leong
Affiliations:
National University of Singapore;National University of Singapore;National University of Singapore;National University of Singapore
Venue:
Proceedings of the 15th Workshop on Mobile Computing Systems and Applications
Year:
2014

Citing 9
Cited 0

Mitigating attacks on open functionality in SMS-capable cellular networks

Proceedings of the 12th annual international conference on Mobile computing and networking
3GPP LTE: the momentum behind LTE adoption

IEEE Communications Magazine
Review: A review of DoS attack models for 3G cellular networks from a system-design perspective

Computer Communications
A close examination of performance and power characteristics of 4G LTE networks

Proceedings of the 10th international conference on Mobile systems, applications, and services
Making middleboxes someone else's problem: network processing as a cloud service

Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
Can we pay for what we get in 3G data access?

Proceedings of the 18th annual international conference on Mobile computing and networking
Signaling oriented denial of service on LTE networks

Proceedings of the 10th ACM international symposium on Mobility management and wireless access
Towards accurate accounting of cellular data for TCP retransmission

Proceedings of the 14th Workshop on Mobile Computing Systems and Applications
An in-depth study of LTE: effect of network protocol and application behavior on performance

Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM

Quantified Score

Hi-index	0.00

Visualization

Abstract

While it is often convenient for mobile cellular devices to have a public IP address, we show that such devices are vulnerable to stealthy malicious attacks. In particular, we show with experiments on three 4G/LTE cellular data networks in Singapore that it is easy for an attacker to initiate three different types of attacks on such mobile devices: (i) data quota drain, (ii) DoS flooding, and (iii) battery drain. Our experiments show that a potential attacker can completely exhaust the monthly data quota within a few minutes, completely choke the data connection of a mobile subscriber with a data stream of just 3 Mb/s, and increase the battery drain rate by up to 24 times. Finally, we argue that a simple proxy-based firewall with a secret IP address would be an effective and feasible defense against such potential attacks.