AdaptOver: Adaptive Overshadowing of LTE signals

by Simon Erni, et al.

We introduce AdaptOver, a new LTE signal overshadowing attack that allows an adversary to reactively and adaptively overshadow any downlink message between the network and the user equipment (UE). We demonstrate the impact of AdaptOver by using it to launch targeted Denial-of-Service (DoS) attacks on UEs. We implement AdaptOver using a commercially available software-defined radio. Our experiments demonstrate that our DoS attacks cause persistent connection loss lasting more than 12 hours for a wide range of smartphones. DoS attacks based on AdaptOver are stealthier than attacks that rely on fake base stations, and more persistent than existing overshadowing attacks, which caused connection loss of only up to 9 minutes. Given that AdaptOver can reactively overshadow any downlink message, its use is not limited to DoS attacks; it can be used for a wide range of other attacks, e.g., to extract the IMSI from a UE in a stealthier manner than traditional IMSI catchers. We consider AdaptOver to be an essential building block for many attacks against real-world LTE networks. In particular, any fake base station attack that makes use of spoofed downlink messages can be ported to the presented attack method, causing a much more reliable, persistent, and stealthy effect.


