
pierredv : 4g   23

Newer Diameter Telephony Protocol Just As Vulnerable As SS7, Jul 2018
"Security researchers say the Diameter protocol used with today's 4G (LTE) telephony and data transfer standard is vulnerable to the same types of vulnerabilities as the older SS7 standard used with older telephony standards such as 3G, 2G, and earlier."

"The difference between these two is that while SS7 did not use any type of encryption for its authentication procedures, leading to the easy forgery of authentication and authorization messages, Diameter supports TLS/DTLS (for TCP or SCTP, respectively) or IPsec."

"4G operators often misconfigure Diameter"

"Researchers say that the Diameter misconfigurations they've spotted inside 4G networks are in many cases unique per each network but they usually repeat themselves to have them organized in five classes of attacks: (1) subscriber information disclosure, (2) network information disclosure, (3) subscriber traffic interception, (4) fraud, and (5) denial of service."
LTE  4G  cyber-spectrum  cybersecurity  Diameter  SS7 
18 days ago by pierredv
[1510.07563] Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems, Aug 2017
Altaf Shaik, Ravishankar Borgaonkar, N. Asokan, Valtteri Niemi, Jean-Pierre Seifert


Mobile communication systems now constitute an essential part of life throughout the world. Fourth generation "Long Term Evolution" (LTE) mobile communication networks are being deployed. The LTE suite of specifications is considered to be significantly better than its predecessors not only in terms of functionality but also with respect to security and privacy for subscribers.
We carefully analyzed LTE access network protocol specifications and uncovered several vulnerabilities. Using commercial LTE mobile devices in real LTE networks, we demonstrate inexpensive, and practical attacks exploiting these vulnerabilities. Our first class of attacks consists of three different ways of making an LTE device leak its location: A semi-passive attacker can locate an LTE device within a 2 sq.km area within a city whereas an active attacker can precisely locate an LTE device using GPS co-ordinates or trilateration via cell-tower signal strength information. Our second class of attacks can persistently deny some or all services to a target LTE device. To the best of our knowledge, our work constitutes the first publicly reported practical attacks against LTE access network protocols.
We present several countermeasures to resist our specific attacks. We also discuss possible trade-offs that may explain why these vulnerabilities exist and recommend that safety margins introduced into future specifications to address such trade-offs should incorporate greater agility to accommodate subsequent changes in the trade-off equilibrium.
IMSI-catchers  StingRay  4G  LTE  cyber-spectrum  Arxiv 
18 days ago by pierredv
SS7 vulnerabilities and attack exposure report, 2018 - Positive Technologies
Via Dale

"This report reveals the results of SS7 security analysis. Signaling System 7 (SS7) is used for exchanging data between network devices in telecommunications networks. While this standard was being developed, only fixed-line operators had access to the SS7 network, so its security was not first on the priority list. Today the signaling network is not isolated, and this allows an intruder to exploit its flaws and intercept calls and SMSs, bypass billing, steal money from mobile accounts, or affect mobile network operability."

"Although new 4G networks use another signaling system, Diameter, SS7 security issues have not been forgotten, because mobile operators should ensure 2G and 3G support and interaction between networks of different generations. Moreover, research shows that Diameter is prone to the same threats. This protocol's vulnerabilities along with possible cross-protocol attacks that use Diameter and SS7 flaws will be outlined in the next report."


"The research has shown that the level of security of mobile communication networks is still low. The overwhelming majority of networks remain vulnerable, which allows criminals to intercept subscribers' voice calls and messages, perform fraudulent operations, and disrupt service availability for subscribers."
SS7  Diameter  spectrum-vulnerability  cyber-spectrum  cybersecurity  telecoms  2G  3G  4G  PositiveTechnologies 
march 2019 by pierredv
5G handsets are here but are the networks ready? | PolicyTracker: Feb 2019
"The mobile trade association GSMA says that LTE will continue to see strong growth in the coming years. It expects 4G to account for 60 per cent of global connections by 2025, while 5G will only make up 15 per cent of the global total during the same period."

"Building 5G networks is a huge investment, the GSMA says. Afke Schaart, Vice President and head of Europe, Russia and CIS at the association, claims that the rollout of 5G in Europe will cost €500 billion. "

“3.5 GHz with massive MIMO has better coverage than 1.8 GHz.”
5G  4G  GSMA  PolicyTracker 
march 2019 by pierredv
ToRPEDO Privacy Attack on 4G/5G Networks Affects All U.S. Carriers | Threatpost | Feb 2019
"Privacy-breaking flaws in the 4G and 5G mobile protocols could allow attackers to intercept calls, send fake amber alerts or other notifications, track location and more, according to a research team from Purdue University and the University of Iowa."

"The researchers uncovered three connected types of attacks that use this paging mechanism. The primary attack, dubbed ToRPEDO (short for TRacking via Paging mEssage DistributiOn), can be used to verify the location of a specific device. Attackers could also inject fake paging messages and mount denial-of-service (DoS) attacks, the team said.

Two other attacks enabled by ToRPEDO, the IMSI-Cracking attack and PIERCER (short for Persistent Information ExposuRe by the CorE netwoRk), allow an adversary to fully uncover the victim’s unique International Mobile Subscriber Identity (IMSI) number, if the phone number is known — opening the door to targeted user location-tracking."

"The TMSI is randomly assigned by the MME and is used to cloak the IMSI from side-channel attacks. The TMSI is supposed to change on a regular basis; however, previous sniffing attacks have been demonstrated that take advantage of the fact that this is not always the case."

"Beyond imprecise location-tracking and device status, ToRPEDO opens the door to much more serious attacks. For instance, once the attacker knows the victim’s paging occasion from ToRPEDO, the attacker can hijack the victim’s paging channel."

"Also, the researchers were able to validate that a tweet mentioning the victim’s Twitter handle triggers paging if the victim sets the Twitter app with push notifications on. This allows the attacker to associate a Twitter persona with a specific phone and phone number – and this likely extends to other services with push notifications, allowing him or her to start building a personal profile of the victim."

"Fortunately, each of the attacks have specific inherent mitigations."

In a paper presented at Mobile World Congress in Barcelona this week, the researchers explained that the issues arise from weaknesses in the cellular paging (broadcast) protocol. They started with the fact that when a mobile device is in its idle, low-power state, it will conserve battery life partly by polling for pending services only periodically.
5G  4G  privacy  IMSI  sniffing  surveillance  cyber-spectrum  spectrum-vulnerability 
february 2019 by pierredv
Researchers Demonstrate Serious Privacy Attacks on 4G and 5G Protocols
A group of academic researchers have revealed a design weakness in the 4G/5G protocol which can be exploited by an attacker to identify the victim's presence in a particular cell area just from the victim's soft-identity such as phone number and Twitter handle. "Any person with a little knowledge of cellular paging protocols can carry out this attack," Syed Rafiul Hussain, one of the co-authors of the paper, told TechCrunch.

The abstract below from the paper released today called "Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information" specifies the dangers of the discovered vulnerability.
cyber-spectrum  spectrum-vulnerability  4G  5G  CircleID 
february 2019 by pierredv
3G & 4G Networks Are Prone to Stingray Surveillance Attacks - Jul 2017
"3G and 4G LTE devices deployed worldwide have a critical security vulnerability that could be used by Stingray devices, security researchers revealed at the Black Hat Conference in Las Vegas. Researchers said all the modern and high-speed networks have a protocol flaw that enables mobile devices to connect with the cell operator, allowing attackers to track and monitor users."

"Many believe that the modern protocols, unlike 2G, protect users against easy-to-use tracking and surveillance. However, latest research reveals a flaw in the authentication and key agreement, which enables a phone to communicate securely with the user’s cell network."

"While this flaw doesn’t reportedly allow attackers to intercept calls or messages, it does enable them to monitor consumption patterns and track the phone location."
StingRay  IMSI-catcher  3G  4G  cellular  spectrum-vulnerability  cyber-spectrum  spoofing 
february 2019 by pierredv
New security flaw impacts 5G, 4G, and 3G telephony protocols | ZDNet, Jan 2019
"A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards."

"Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols."

According to "a research paper named "New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols," published last year. ..., the vulnerability impacts AKA, which stands for Authentication and Key Agreement, a protocol that provides authentication between a user's phone and the cellular networks."

"Instead of intercepting mobile traffic metadata, this new vulnerability reveals details about a user's mobile activity, such as the number of sent and received texts and calls, allowing IMSI-catcher operators to create profiles for each smartphone holder."

"For example, two other academic studies from French and Finnish researchers also found that IMSI-catcher attacks are still possible against the upgraded 5G-AKA protocol, despite 3GPP's claims."
ZDNet  cyber-spectrum  cybersecurity  spectrum-vulnerability  3G  4G  5G  StingRay  IMSI-catchers  3GPP 
february 2019 by pierredv
New 4G, 5G Network Flaw 'Worrisome' Oct 2017
"4G and 5G wireless networks' Evolved Packet Core (EPC) architecture can be exploited to intercept and collect mobile data as well as launch denial-of-service (DoS) attacks, according to new research. "
4G  5G  cybersecurity  cyber-spectrum 
december 2018 by pierredv
First independent 5G results: Hundreds of megabits, not gigabits - Sep 2018
"Pal Zarandy, an always interesting analyst, tested Elisa's "world's first" 5G network from inside his office and outside with line of sight. The results were as expected: 5G at 3.5 GHz and Massive MIMO performs about the same as a good 4G network."

"This is the dirty secret of "5G." Almost all the claimed new uses can be met with 4G. Anyone who doesn't know that should ask an engineer."
Dave-Burstein  5G  3.5GHz  4G 
september 2018 by pierredv
Pivotal, a startup with Bill Gates' support, lights up holographic beamforming | FierceWireless, Aug 2017
"Pivotal Commware, a startup that recently received $17 million in funding, is taking its proprietary holographic beamforming (HBF) to the streets, with plans to dramatically expand the capacity of existing 4G networks while becoming indispensable to the 5G rollout."

"Holographic refers to the fact that the HBF antenna is analogous to a holographic plate in an optical hologram; RF signals from a radio flow into the back of the antenna and scatter across its front, where tiny elements adjust the shape and direction of the beam."
4G  5G  antennas  mmWave 
august 2017 by pierredv
Qualcomm Technologies releases LTE drone trial results | Qualcomm May 2017
"Today, we are pleased to present the results of the first* comprehensive, systematic study of cellular system performance in networks serving low-altitude (400 feet above ground level and below) drones. The analysis supports the viability of 4G LTE commercial mobile networks for drones operating beyond visual line of sight (BVLOS) at 400 feet above ground level (AGL) and below."

"testing key performance indicators (KPIs) such as coverage, signal strength, throughput, latency, and mobility under various scenarios on commercial LTE networks."

"The field trial demonstrated that LTE networks can support safe drone operation in real-world environments. Our findings showed that existing commercial cellular networks can provide coverage to drones at low altitudes up to 400 feet AGL. Our test drones also showed seamless handovers between different base stations during flights. "
Qualcomm  drones  UAS  4G  LTE 
june 2017 by pierredv
Nokia and EE test drones armed with mini mobile base stations to revolutionise rural 4G coverage - Aug 2016
Nokia and EE test putting small cells on drones to provide temporary 4G coverage in hard-to-reach areas.
drones  cellular  4G  Nokia  EE 
april 2017 by pierredv
Automotive radar spectrum in 77 GHz band could work for 5G - PolicyTracker Feb 2015
"The 5G agenda is being pushed by vendors and the academic community, not mobile operators, Varrall told PolicyTracker. The market hype for the current 4G technology centres on data rates. But 4G only deploys easily in high average revenue per user (ARPU) markets such as Japan, the US and, to some extent, Europe, while in other, lower-ARPU markets, operators struggle to achieve return on investment in LTE."

"Wi-Fi is increasingly capable and ubiquitous because it's cheap and there are only two bands (2.4 GHz and 5 GHz) to service. LTE, on the other hand, comes in many different flavours, creating a more complex supply chain that leads to fewer economies of scale"

"So why 77 GHz? The band is in the middle of the E band allocations at 71-76 GHz and 81-86 GHz proposed for ultra-high bit rate wide area radio systems in the US defence sector, Varrall said in a recent RTT "technology topic" paper on automotive radar."
PolicyTracker  Geoff-Varrall  Wi-Fi  4G  5G  77GHz 
february 2015 by pierredv
Innovation never stops …. | The Unwired People June 2013
"While each generation takes around 10 years to be standardized, it takes more than 40 years of fundamental research to accumulate sufficient technologies for each generation. "
trends  Jens  Zander  4G  LTE  innovation 
june 2013 by pierredv
Freeview telly test suggests 4G interference may not be a big deal • The Register
"A trial 4G network, covering 22,000 homes just left of Birmingham, only interfered with TV reception in 15 of them - paving the way for an interference-free rollout over the summer, we're told. The trial was conducted by at800, the organisation charged with spending £180m of cell network operator money to solve the problem. At800 wrote to all 22,000 homes asking them to watch for changes, and received 100 calls of which 15 could be attributed to 4G signals, and all those were fixed with a cheap filter."
cellular  4G  DTV  interference  UK  antennas 
april 2013 by pierredv
US LTE operators achieve 4G success by focusing on coverage and multi-device strategies - Insight - News | Analysys Mason Jan 2013
"US operators initially marketed LTE by highlighting its speed benefits, and kept the same pricing plans as 3G services in order to entice users onto the new networks, including customers on flat-rate plans. AT&T and Verizon have both shifted their pricing strategies in order to increase revenue. Initially, both operators largely eliminated flat-rate pricing plans in favour of tiered pricing, and in 2012 both operators implemented a multi-device, tiered data package pricing strategy. Operators are still adopting the strategy of 'no premium for LTE', with the only difference between a 3G subscription plan and an LTE plan being the device used. Instead of charging more for the LTE service, operators want to connect additional devices for a nominal fee (usually USD10–30) to encourage users to switch to larger data plans. This strategy appears to be working"
Verizon  cellular  speed  coverage  4G  MetroPCS  T-Mobile  AT&T  AnalysysMason 
january 2013 by pierredv
Ofcom | 4G set to deliver capacity gains of more than 200% over 3G.
Dr Stephen Unger, Chief Technology Officer at Ofcom said: “4G mobile technologies will be able to send more information than 3G, for a given amount of spectrum. This increased efficiency means that 4G networks will be able to support increased data rates and more users.

“The research that we commissioned indicates that early 4G mobile networks with standard configurations will be 3.3 times (230%) more spectrally efficient than today’s standard 3G networks. To put this in context, a user on an early 4G network will be able to download a video in around a third of the time it takes today on a 3G network[1]. It is anticipated that this efficiency will increase to approximately 5.5 times (450%) by 2020.”
spectrum  LTE  3G  4G  efficiency  ofcom 
october 2012 by pierredv
Vision of 5G Networks and Architecture | BEYOND 4G
"This is believed to be the first research paper that takes a view of 5G networks from the next generation telecommunication perspective. This research paper will show a personal view on 5G networks, especially for Operators, services providers and R&D group. Perception of “5G – The NanoCore” is based upon the convergence of existing technologies. This paper focuses on developments and technologies that have the potential to be executed in present telecommunication system to shape a prospect of “5G – The NanoCore” network."
4G  5G  cellular  vision  trends  wireless  x:Beyond4G 
april 2012 by pierredv
Enabling reuse-1 in 4G Networks | BEYOND 4G
"New generation 4G systems like LTE and WIMAX are designed to support frequency reuse-1 mechanisms to enable a universal frequency reuse pattern providing operators with best achievable use of their valuable spectrum. Ever increasing interest is shown by companies and operators to find mechanisms to allow reuse-1 deployments. This article will cover one of the key enabling technologies i.e. ICIC and its application in allowing universal use of Reuse 1 networks."
cellular  interference  wireless  4G  LTE 
april 2012 by pierredv
3G and 4G spectrum requirements: a question of balance - Janette Stewart, AnalysysMason
7 July 2011, Janette Stewart, Senior Manager: “We believe that models for estimating future spectrum requirements need to be reconsidered to take into account various interrelated market and economic factors.”
3G  4G  cellular  trends  ITU  ITU-R  WRC  AnalysysMason 
july 2011 by pierredv
Verizon Wireless CTO talks 4G, data consumption (Q&A) | Signal Strength - CNET News
"We have said we are in great shape in terms of spectrum through 2014 or even 2015."
verizon  spectrum  4G  via:StevenCrowley 
july 2011 by pierredv
Clearwire’s Shared 4G Coverage Map for 2010 -- Seeking Alpha
"Clearwire’s (CLWR) 4G WiMAX technology is spreading faster than a cold in a day care center. Within the recent months coverage has increased by over fifty percent. Already laying claim to 74 markets in the United States, Clearwire is championing the 4G technology realm with gusto. These 74 markets span across the entire country in 25 different states"
clearwire  4G  wireless  commerce  via:martinweiss 
november 2010 by pierredv
