CEL-3 · Mobile Threat Catalogue

Mobile Threat Catalogue

Downgrade Attacks via Rogue Base station


Threat Category: Cellular Air Interface


Threat Description:

Threat Origin

3G Security: Security Threats and Requirements (Release 4) 1

LTE Architecture Overview and Security Analysis (Draft NISTIR 8017) 2

LTE Security and Protocol Exploits 3

Exploit Examples

Researchers exploit cellular tech flaws to intercept phone calls 4

Every LTE call, text, can be intercepted, blacked out, hacker finds 5

CVE Examples

Not Applicable

Possible Countermeasures

Original Equipment Manufacturer

Ensure baseband firmware prevents the use of insecure cellular encryption algorithms

Mobile Network Operator

Use of application layer encryption technologies


  1. 3G Security; Security Threats and Requirements (Release 4), 3GPP TS 21.133 V4.0.0, 3rd Generation Partnership Project, 2003; www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/Old_Vsns/21133-400.pdf [Accessed 8/23/2016] 

  2. J. Cichonski, J.M. Franklin, and M. Bartock, LTE Architecture Overview and Security Analysis, Draft NISTIR 8071, National Institute of Standards and Technology, 2016; http://csrc.nist.gov/publications/drafts/nistir-8071/nistir_8071_draft.pdf [Accessed 8/23/2016] 

  3. R.P. Jover, LTE Security and Protocol Exploits, presented at ShmooCon, 3 Jan. 2016; www.ee.columbia.edu/~roger/ShmooCon_talk_final_01162016.pdf [accessed 8/23/2016] 

  4. J. Vijayan, “Researchers Exploit Cellular Tech Flaws to Intercept Phone Calls”, ComputerWorld, 1 Aug. 2013; http://www.computerworld.com/article/2484538/cybercrime-hacking/researchers-exploit-cellular-tech-flaws-to-intercept-phone-calls.html [accessed 8/23/2016] 

  5. D. Pauli, “Every LTE call, text, can be intercepted, blacked out, hacker finds”, The Register, 23 Oct 2016; http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/ [accessed 10/26/2016]