Threat Category: Cellular Air Interface
ID: CEL-0
Threat Description: An attacker intercepts traffic between a mobile device and a base station. (E.g., unencrypted data is intercepted over the air during the cellular phone and base station’s radio communications.)
Threat Origin
3G Security: Security Threats and Requirements (Release 4) 1
LTE Architecture Overview and Security Analysis (Draft NISTIR 8071) 2
Exploit Examples
CVE Examples
Not Applicable
Possible Countermeasures
Use of a ciphering indicator in the interface of the mobile device to inform the user as to whether or not user data (e.g. voice calls, SMS/MMS messages, data) are being encrypted.
Mobile OS DeveloperUse of a ciphering indicator in the interface of the mobile device to inform the user as to whether or not user data (e.g. voice calls, SMS/MMS messages, data) are being encrypted.
Mobile Network OperatorNetwork level air interface encryption for user-plane traffic.
Mobile Device UserTo prevent an attacker who intercepts traffic on the unencrypted channel between a mobile device and a base station, use a mobile VPN or another third-party over-the-top encryption solution to encrypt data prior to transmission over the air interface.
EnterpriseTo prevent an attacker who intercepts traffic on the unencrypted channel between a mobile device and a base station, use a mobile VPN or another third-party over-the-top encryption solution to encrypt data prior to transmission over the air interface.
References
3G Security; Security Threats and Requirements (Release 4), 3GPP TS 21.133 V4.0.0, 3rd Generation Partnership Project, 2003; www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/Old_Vsns/21133-400.pdf [Accessed 8/23/2016] ↩
J. Cichonski, J.M. Franklin, and M. Bartock, NIST Special Publication 800-187: Guide to LTE Security, National Institute of Standards and Technology, 2017; https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-187.pdf [Accessed 3/29/2022] ↩
K. Nohl, Attacking Phone Privacy, presented at Blackhat, 29 July 2010; https://media.blackhat.com/bh-ad-10/Nohl/BlackHat-AD-2010-Nohl-Attacking-Phone-Privacy-wp.pdf [accessed 8/23/2016] ↩
U. Meyer and S. Wetzel, “A Man-in-the-Middle Attack on UMTS”, Proceedings of the 3rd ACM workshop on Wireless security, 2004, pp. 90-97; http://dx.doi.org/10.1145/1023646.1023662 [accessed 8/23/2016] ↩