Let Me Answer That for You: Exploiting Broadcast Information in Cellular Networks
Authors:
Nico Golde, Kévin Redon, and Jean-Pierre Seifert, Technische Universität Berlin and Deutsche Telekom Innovation Laboratories
Abstract:
Mobile telecommunication has become an important part of our daily lives. Yet, industry standards such as GSM often exclude scenarios with active attackers. Devices participating in communication are seen as trusted and non-malicious. By implementing our own baseband firmware based on OsmocomBB, we violate this trust and are able to evaluate the impact of a rogue device with regard to the usage of broadcast information. Through our analysis we show two new attacks based on the paging procedure used in cellular networks. We demonstrate that for at least GSM, it is feasible to hijack the transmission of mobile terminated services such as calls, perform targeted denial of service attacks against single subscribers and as well against large geographical regions within a metropolitan area.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {180363,
author = {Nico Golde and Kevin Redon and Jean-Pierre Seifert},
title = {Let Me Answer That for You: Exploiting Broadcast Information in Cellular Networks},
booktitle = {Presented as part of the 22nd {USENIX} Security Symposium ({USENIX} Security 13)},
year = {2013},
isbn = {978-1-931971-03-4},
address = {Washington, D.C.},
pages = {33--48},
url = {https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/golde},
publisher = {{USENIX}},
}
connect with us