Shinjo Park is a PhD student in Security in Telecommunications, TU Berlin. He is interested in breaking and fixing cellular network entities, mobile appplications in the world. Before joining TU Berlin, he finished master's degree in KAIST. During his free time, he translates various free softwares in Korean, including KDE, Nextcloud and VirtualBox.
Altaf Shaik is a PhD student in Security in Telecommunications, TU Berlin. He is interested in studying security issues in 4G-LTE cellular networks, devices and their applications.
[Abstract]
==========
Modern smartphones can obtain clock either via internet or GPS or mobile network (2G/3G/4G). Clock spoofing attacks over Internet and GPS are widely known unlike attacks over mobile network. In this talk, we deeply analyze the management of several clock sources and their security aspects inside smartphones. We also demonstrate clock spoofing attacks over mobile networks using a low cost fake base station. The attacks are a result of configuration problems from mobile network operators, implementation specific issues from mobile baseband and OS designers.
Further we present the following attacks using clock spoofing on mobile OS and applications, including:
- Analyzing affect of clock spoofing on basic mobile network operation
- Remote DoS attack on Android, addressed as CVE-2016-3831
- Hindering operation of famous applications, including mobile messengers and banking apps