Presented at Black Hat Europe 2016
Nov. 4, 2016, 10:45 a.m.
Ever since the public revelation of global surveillance and the exploits targeting the mobile communication backend, general awareness of security and privacy in the telecommunication industry has increased. Misuse of the technical features of mobile core network technology, specifically Signaling System 7 (SS7), has disclosed numerous ways to locate, track and manipulate the routine cellular activities of cellphone users. In fact, SMS-based key recovery mechanisms have become vulnerable because of the SS7 vulnerabilities.

Many mobile network operators rush to upgrade their networks from 2G and 3G to 4G/LTE, not only to improve the service but also the security. With relatively more security and privacy features, the Diameter protocol, the successor of SS7 in Long Term Evolution (LTE) networks, is believed to guarantee more protection to the network itself and to the end-users. However, Diameter inherits many functionalities and traits of the SS7 network. Therefore, some attacks are also possible there, e.g. location tracking in LTE by abusing the Diameter-based interconnection.

In this talk, we dig deeper into the Diameter interconnection to uncover Denial of Service (DoS) attacks that detach targeted mobile phone users from the network and disrupt the network nodes. We first discuss the current status of interconnection or mobile telephony core network security, followed by outlining several DoS attacks against targeted users and the LTE network itself. We discuss the practicalities of such attacks with the help of a live/recorded demo, network logs and Wireshark traces during this talk. Our proposed solution includes improvised measures in the interconnection edge nodes, proper security configurations in LTE networks and strategies for improvising filtering policies of firewalls that defend the system from roaming abuses.
Siddharth Rao
- Security Researcher, Aalto University
Siddharth (Sid) Rao is a Ph.D. student in the 'Secure Systems' research group of Aalto University, Finland. He specializes in the security analysis of communication protocols, and his current interest lies in the pedagogical study of the evolution of telecommunication core protocols (e.g. SS7 and Diameter). He is a past Erasmus Mundus fellow and holds double master's degrees from Aalto University, Finland (Information and Network Security) and the University of Tartu, Estonia (Cryptography). He is currently a Ford-Mozilla Open Web Fellow at European Digital Rights (EDRi), where he will help define policies related to data protection, surveillance, copyright, and network neutrality.
Dr. Silke Holtmanns
- Security Specialist, Bell Labs Nokia
Dr. Silke Holtmanns is a security specialist at Bell Labs Nokia. She has been researching and designing cellular security for 16 years. She has been standardizing 3GPP security for 10 years and is rapporteur of many 3GPP security standards. She has authored over 50 cellular security publications, as well as book chapters and a book. Currently, she investigates new SS7 and Diameter attacks on cellular networks and countermeasures.
Bhanu Kotte
- Security Researcher, Bell Labs Nokia
Bhanu Kotte is a newly graduated master's student from Aalto University, majoring in Security and Mobile Computing. He is an early-stage researcher and is currently working as an intern at Nokia Bell Labs. He is an Erasmus Mundus scholarship holder and is passionate about network security. His current research work includes Diameter attacks in LTE networks and their mitigation techniques.