Exposing Vulnerabilities in Mobile Networks: A Mobile Data Consumption Attack

TL;DR

This paper reveals a vulnerability in mobile networks where an attacker can force a smartphone to consume cellular data without user consent by switching from Wi-Fi to cellular during a download, exposing data usage inaccuracies.

Contribution

The paper introduces a novel attack method that exploits network switching to manipulate data consumption records in mobile networks.

Findings

The attack is feasible in real-world scenarios.

Mobile networks can be manipulated to misreport data usage.

The vulnerability affects billing accuracy in mobile networks.

Abstract

Smartphone carrier companies rely on mobile networks for keeping an accurate record of customer data usage for billing purposes. In this paper, we present a vulnerability that allows an attacker to force the victim's smartphone to consume data through the cellular network by starting the data download on the victim's cell phone without the victim's knowledge. The attack is based on switching the victim's smartphones from the Wi-Fi network to the cellular network while downloading a large data file. This attack has been implemented in real-life scenarios where the test's outcomes demonstrate that the attack is feasible and that mobile networks do not record customer data usage accurately.