Mobile Threat Catalogue

Air Interface Eavesdropping

Threat Category: Cellular Air Interface

ID: CEL-0

Threat Description: An attacker intercepts traffic between a mobile device and a base station. For example, unencrypted data is intercepted over the air during radio communication between the cellular phone and the base station.

Threat Origin

3G Security: Security Threats and Requirements (Release 4) [1]

LTE Architecture Overview and Security Analysis (Draft NISTIR 8071) [2]

Exploit Examples

Attacking phone privacy [3]

A man-in-the-middle attack on UMTS [4]

CVE Examples

Not Applicable

Possible Countermeasures

Original Equipment Manufacturer

Use of a ciphering indicator in the interface of the mobile device to inform the user as to whether or not user data (e.g. voice calls, SMS/MMS messages, data) are being encrypted.

Mobile OS Developer

Use of a ciphering indicator in the interface of the mobile device to inform the user as to whether or not user data (e.g. voice calls, SMS/MMS messages, data) are being encrypted.

Mobile Network Operator

Network level air interface encryption for user-plane traffic.

Mobile Device User

To protect against an attacker who intercepts traffic on the unencrypted channel between a mobile device and a base station, use a mobile VPN or another third-party over-the-top encryption solution to encrypt data prior to transmission over the air interface.

Enterprise

To protect against an attacker who intercepts traffic on the unencrypted channel between a mobile device and a base station, use a mobile VPN or another third-party over-the-top encryption solution to encrypt data prior to transmission over the air interface.

References

  1. 3G Security; Security Threats and Requirements (Release 4), 3GPP TS 21.133 V4.0.0, 3rd Generation Partnership Project, 2003; www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/Old_Vsns/21133-400.pdf [Accessed 8/23/2016] 

  2. J. Cichonski, J.M. Franklin, and M. Bartock, NIST Special Publication 800-187: Guide to LTE Security, National Institute of Standards and Technology, 2017; https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-187.pdf [Accessed 3/29/2022] 

  3. K. Nohl, Attacking Phone Privacy, presented at Blackhat, 29 July 2010; https://media.blackhat.com/bh-ad-10/Nohl/BlackHat-AD-2010-Nohl-Attacking-Phone-Privacy-wp.pdf [Accessed 8/23/2016]

  4. U. Meyer and S. Wetzel, “A Man-in-the-Middle Attack on UMTS”, Proceedings of the 3rd ACM workshop on Wireless security, 2004, pp. 90-97; http://dx.doi.org/10.1145/1023646.1023662 [Accessed 8/23/2016]