Vulnerabilities in LTE access network protocols

4G mobile communication networks, also known as “LTE” (Long Term Evolution) are widely deployed. In this project, we set out to investigate how good LTE security and privacy mechanisms are. We discovered several surprising lapses. We have been working with manufacturers and standards organizations to address these problems. You can find a blog post with a brief overview in our research group’s blog.

People

• Ravishankar Borgaonkar, Aalto University
• Altaf Shaik, TU Berlin
• N. Asokan, Aalto University and University of Helsinki
• Valtteri Niemi, University of Helsinki
• Jean-Pierre Seifert, TU Berlin

Results

Demos

• T2 Security Conference, Helsinki, Finland, October 2015
• Black Hat Europe Amsterdam, Netherlands, November 2015

Research papers

• Technical report in arXiv
• Research paper at NDSS 2016 conference (to appear), February 2016

Media

• Ars Technica Low-cost IMSI catcher for 4G/LTE networks tracks phones’ precise locations
• The Telegraph WhatsApp and Facebook signals can be hacked to track your location
• Motherboard This Next-Gen Stingray Uses Facebook and WhatsApp Messages to Track Users
• SC Magazine Black Hat Europe: Researchers demonstrate how to bypass LTE/4G security
• DarkReading New 4G LTE Hacks Punch Holes In Privacy
• YLE (Finland) 4G vuotaa – yksityisetsiville kättä pidempää aviopuolisoiden riitoihin
• Iltalehti (Finland) Aalto-yliopiston tutkijat: 4G:n käyttäjän sijaintia voidaan urkkia
• Golem (Germany) Forscher stellen LTE-Angriffe mit 1.250-Euro-Hardware vor
• Version 2 (Denmark) Black Hat: Handover får den ellers sikre LTE-protokol til at afsløre din position

This work is funded in part by:

• Cloud Security Services (CloSe) project funded by the Academy of Finland
• Intel Collaborative Research Institute for Secure Computing at Aalto University, funded by Intel and Aalto University.