
Abstract


Wanqiao Zhang is a wireless security researcher in the UnicornTeam of Qihoo 360. She graduated from NUAA with a master’s degree last year. She is enthusiastic about the security of radio transmission and cellular networks. She was a speaker at DEFCON 24.

Lin Huang is a senior wireless security researcher in the UnicornTeam of Qihoo 360. She is an expert in the SDR area. Her research interests include security issues in many kinds of wireless communication systems, especially cellular network security. She was a speaker at DEFCON, POC and HITB.

[Abstract]
==========
LTE is a more advanced mobile network, but it is not absolutely secure. There are already some papers that have exposed vulnerabilities of the LTE network. In this presentation, we will introduce one method that jointly exploits the vulnerabilities in the tracking area update procedure, the attach procedure, and the RRC redirection procedure, and can finally force a targeted LTE cellphone to downgrade into another, malicious network (a fake network that we set up or a rogue network that we assign), where the attacker can mount further attacks. This is not a simple DoS attack like high-power jamming. It can select the targeted cellphone by filtering on the IMSI number (IMSI catcher function), so it does not affect the other cellphones, which remain in the real network.
This work was presented at HITB and DEFCON this year, and we got good feedback. In this POC presentation, we will introduce some further efforts we made after DEFCON and give the audience the latest update on this topic.

Slides