4G LTE Insecurities: like 1983 all over again

Speaker/Bio

Michael Hirsch is a fifth-year PhD EE candidate, geoscientist, and angel investor. Michael’s pre-PhD career involved design of mission-critical and life-safety wireless networks for state and federal agencies. Michael was a pioneer in commercial wireless broadband network deployments in the Midwest. Michael’s PhD work involved deploying a world-wide network of semi-autonomous sensors that, due to their remoteness and expense, had to be cybersecure from day one. Michael’s contribution to STEM education and outreach includes over 100 open-source geoscience and image/signal analysis programs as well as code contributions to major open-source software such as NumPy, SciPy, GNU Octave and more.

Abstract

Tremendous growth in LTE is fueled by universal adoption of smartphones, IoT (Internet of Things), public safety and critical infrastructure applications and more. LTE exchanges critical information over the air “in the clear”, facilitating many trivial, remote, anonymous, cheap over-the-air exploits akin to the now widely known hacks of 1980s 1G cellular networks. User location information is leaked over LTE in the clear. For less than $1000, countermeasures that disable the LTE device, man-in-the-middle attacks, and tracking of individual users have been shown feasible. Downgrading user devices to low-security 2G is also feasible. We review these exploits and show example sub-$1000 hardware useful for such remote exploits.

References