The flaws were discovered using a semi-automated testing tool named LTEFuzz, which generates and sends test cases to a target network and then classifies problematic behavior by monitoring device-side logs. The results were confirmed against operational LTE networks.
In a whitepaper (PDF), the researchers explain that their findings fall into five categories: improper handling of unprotected initial procedures, crafted plain requests, messages with invalid integrity protection, replayed messages, and security procedure bypass.
“The impact of the attacks is to either deny LTE services to legitimate users, spoof SMS messages, or eavesdrop/manipulate user data traffic,” the researchers explain.