Hackers of India

LTE & IMSI Catcher Myths

By Ravishankar Borgaonkar, N Asokan, Altaf Shaik, Valtteri Niemi, Jean Pierre Seifert on 13 Nov 2015 @ Blackhat


Abstract

It is true that LTE (4G) is more secure than the older generations, GSM (2G) and UMTS (3G). In theory, most traditional IMSI catchers would not work in a straightforward manner against LTE-based mobile phones due to LTE’s enhanced security mechanisms. However, in practice, it is possible to bypass these LTE security features due to vulnerabilities in baseband software and in deployed LTE networks. In this talk, we build an LTE IMSI catcher and show how most popular phones fail when they are on LTE networks.

AI Generated Summary (may contain errors)

The speaker discusses vulnerabilities in 4G baseband modems, specifically mentioning Samsung and LT phones. Despite informing vendors, there was no response from some, including Samsung, even though they showed interest initially. The Galaxy S6 modem was compromised at a recent SEC conference. Mobile network operators were informed, but issues with MME software need to be patched.

The speaker also mentions discussions at a 3GPP standardization meeting about fixing these problems in 5G networks using Software Defined Networking and agility. Historically, encrypting MC (Mobile Country) was considered but deemed not efficient due to the required effort and fallback mechanisms.

From their experience, some baseband vendors replied quickly, acknowledged the problem, and patched it within two to three months. However, handset manufacturers have yet to fix the issue, leaving 4G devices vulnerable.

The speaker notes that fixing the vulnerability issues from a specification side will take time, requiring modifications to standards and action notes from regulatory bodies. New phones might receive updates, but it’s unclear if old phones will be supported.

Finally, the speaker offers assistance for further research, providing information but not source code, and invites interested parties to collaborate. The paper detailing these findings is already publicly available and will be published in an academic conference next year.