Mobile Network Attacks & Security
Comprehensive guide to mobile network attacks across 2G, 3G, 4G, and 5G technologies
2G/3G Attacks
IMSI catchers are rogue base stations that trick mobile devices into connecting to them, allowing attackers to capture International Mobile Subscriber Identity (IMSI) numbers and intercept communications.
A5/1 is the encryption algorithm used in 2G GSM networks. Due to its weak 64-bit key and known vulnerabilities, it can be broken in real time to decrypt voice calls and SMS messages.
Fake Base Transceiver Station (BTS) attacks involve deploying rogue cell towers that impersonate legitimate network infrastructure to intercept communications and perform man-in-the-middle attacks.
SMS interception attacks allow attackers to capture, read, and potentially modify text messages sent between mobile devices, compromising the confidentiality and integrity of SMS communications.
Call interception attacks enable attackers to eavesdrop on voice communications by capturing and decrypting the audio stream between mobile devices and the network.
Downgrade attacks force mobile devices to connect to older, less secure network technologies (2G), where encryption is weaker and easier to break, enabling various attack vectors.
4G/LTE Attacks
Despite 4G LTE's improved security, IMSI extraction attacks exploit vulnerabilities in the attach procedure to capture subscriber identities before encryption is established.
Voice over LTE (VoLTE) exploits target vulnerabilities in the IMS architecture and SIP protocol to intercept calls, perform denial of service, or manipulate call routing.
Rogue eNodeB attacks involve deploying fake LTE base stations that impersonate legitimate network infrastructure to intercept communications and perform man-in-the-middle attacks.
Man-in-the-Middle attacks on LTE networks position the attacker between the device and legitimate network infrastructure to intercept, monitor, and manipulate communications.
Denial of Service attacks on LTE networks aim to disrupt service availability by overwhelming network resources, exploiting protocol vulnerabilities, or jamming radio frequencies.
Location tracking attacks exploit LTE protocols and network architecture to determine the physical location of mobile devices without user consent or awareness.
5G Attacks
Subscription Concealed Identifier (SUCI) attacks attempt to compromise the 5G privacy mechanism designed to protect subscriber identities through cryptographic concealment.
gNodeB spoofing involves deploying fake 5G base stations that impersonate legitimate network infrastructure to intercept communications and perform man-in-the-middle attacks.
Network slicing exploits target the 5G feature that creates multiple virtual networks on shared infrastructure, attempting to breach slice isolation or perform cross-slice attacks.
5G networks expose numerous APIs for network functions, edge computing, and third-party services. Vulnerabilities in these APIs can lead to unauthorized access, data breaches, and service disruption.
5G edge computing brings computation closer to users for low latency. Attacks target edge nodes and multi-tenancy isolation, or exploit the distributed nature of edge infrastructure.
5G enables massive IoT deployments. Attacks target the large number of connected IoT devices, exploiting weak security, default credentials, or protocol vulnerabilities.