TL;DR
This paper reveals practical vulnerabilities in LTE mobile networks that can compromise user location privacy and service availability, demonstrating real-world attacks and proposing countermeasures.
Contribution
It is the first to publicly demonstrate practical LTE protocol attacks, exposing privacy and availability vulnerabilities and suggesting improvements for future specifications.
Findings
LTE devices can be located within 2 sq.km in cities
Attacks can precisely locate LTE devices using GPS or signal strength
Service denial attacks can persistently disrupt LTE device connectivity
Abstract
Mobile communication systems now constitute an essential part of life throughout the world. Fourth generation "Long Term Evolution" (LTE) mobile communication networks are being deployed. The LTE suite of specifications is considered to be significantly better than its predecessors not only in terms of functionality but also with respect to security and privacy for subscribers. We carefully analyzed LTE access network protocol specifications and uncovered several vulnerabilities. Using commercial LTE mobile devices in real LTE networks, we demonstrate inexpensive, and practical attacks exploiting these vulnerabilities. Our first class of attacks consists of three different ways of making an LTE device leak its location: A semi-passive attacker can locate an LTE device within a 2 sq.km area within a city whereas an active attacker can precisely locate an LTE device using GPS…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
