AdaptOver: Adaptive Overshadowing Attacks in Cellular Networks
Abstract
In cellular networks, attacks on the communication link between a mobile device and the core network significantly impact privacy and availability. Up until now, fake base stations have been required to execute such attacks. Since they require a continuously high output power to attract victims, they are limited in range and can be easily detected both by operators and dedicated apps on users’ smartphones.
This paper introduces AdaptOver—a MITM attack system designed for cellular networks, specifically for LTE and 5G-NSA. AdaptOver allows an adversary to decode, overshadow (replace) and inject arbitrary messages over the air in either direction between the network and the mobile device. Using overshadowing, AdaptOver can cause a persistent (≥ 12h) DoS or a privacy leak by triggering a UE to transmit its persistent identifier (IMSI) in plain text. These attacks can be launched against all users within a cell or specifically target a victim based on its phone number.
We implement AdaptOver using a software-defined radio and a low-cost amplification setup. We demonstrate the effects and practicality of the attacks on a live operational LTE and 5G-NSA network with a wide range of smartphones. Our experiments show that AdaptOver can launch an attack on a victim more than 3.8km away from the attacker. Given its practicability and efficiency, AdaptOver shows that existing countermeasures that are focused on fake base stations are no longer sufficient, marking a paradigm shift for designing security mechanisms in cellular networks.
Research Area: Cellular Security
People
BibTex
@INPROCEEDINGS{erni2022adaptover,
doi = {10.1145/3495243.3560525},
year = {2022-10-14},
booktitle = {MobiCom '22: Proceedings of the 28th Annual International Conference on Mobile Computing And Networking},
type = {Conference Paper},
institution = {EC and SNF},
author = {Erni, Simon and Kotuliak, Martin and Leu, Patrick and Roeschlin, Marc and Capkun, Srdjan},
abstract = {In cellular networks, attacks on the communication link between a mobile device and the core network significantly impact privacy and availability. Up until now, fake base stations have been required to execute such attacks. Since they require a continuously high output power to attract victims, they are limited in range and can be easily detected both by operators and dedicated apps on users' smartphones.This paper introduces AdaptOver---a MITM attack system designed for cellular networks, specifically for LTE and 5G-NSA. AdaptOver allows an adversary to decode, overshadow (replace) and inject arbitrary messages over the air in either direction between the network and the mobile device. Using overshadowing, AdaptOver can cause a persistent (≥ 12h) DoS or a privacy leak by triggering a UE to transmit its persistent identifier (IMSI) in plain text. These attacks can be launched against all users within a cell or specifically target a victim based on its phone number.We implement AdaptOver using a software-defined radio and a low-cost amplification setup. We demonstrate the effects and practicality of the attacks on a live operational LTE and 5G-NSA network with a wide range of smartphones. Our experiments show that AdaptOver can launch an attack on a victim more than 3.8km away from the attacker. Given its practicability and efficiency, AdaptOver shows that existing countermeasures that are focused on fake base stations are no longer sufficient, marking a paradigm shift for designing security mechanisms in cellular networks.},
keywords = {privacy; overshadowing; denial of service; cellular networks},
language = {en},
address = {New York, NY},
publisher = {Association for Computing Machinery},
title = {AdaptOver: Adaptive Overshadowing Attacks in Cellular Networks},
PAGES = {743 - 755},
Note = {28th Annual International Conference On Mobile Computing And Networking (MobiCom 2022); Conference Location: Sydney, Australia; Conference Date: October 17-21, 2022}
}Research Collection: 20.500.11850/579751