Threat Category: Cellular Air Interface
ID: CEL-5
Threat Description: A mobile device is prevented from connecting to a legitimate base station. A Denial of Service (DoS) attack is implemented by sending an ATTACH REJECT from a rogue base station, causing the mobile device to no longer attach to any base station, legitimate or otherwise. The situation can continue until a hard reboot of the mobile device takes place.
Threat Origin
LTE Architecture Overview and Security Analysis (Draft NISTIR 8071) 1
LTE Security and Protocol Exploits 2
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
Ensure that the behavior of a mobile device’s chipset in these conditions is understood before relying on cellular communication in critical situations.
In anticipation of a potential denial-of-service attack on the air interface of devices, establish contingency plans for continued operations, such as use of alternative communication channels.
Baseband DeveloperEnsure that the behavior of a mobile device’s chipset in these conditions is understood before relying on cellular communication in critical situations.
References
J. Cichonski, J.M. Franklin, and M. Bartock, NIST Special Publication 800-187: Guide to LTE Security, National Institute of Standards and Technology, 2017; https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-187.pdf [Accessed 3/29/2022] ↩
R.P. Jover, LTE Security and Protocol Exploits, presented at ShmooCon, 3 Jan. 2016; www.ee.columbia.edu/~roger/ShmooCon_talk_final_01162016.pdf [accessed 8/23/2016] ↩