Threat Category: Cellular Air Interface
ID: CEL-9
Threat Description: The preshared symmetric keys used for communication by the subscriber network and the mobile device are stolen from either the Universal Integrated Circuit Card (UICC) or Subscriber Identity Module (SIM). These keys may be stolen during the provisioning process. With access to these keys, it enables an attacker to decrypt subscriber network to mobile device communications or impersonate the mobile device.
Threat Origin
LTE Architecture Overview and Security Analysis (Draft NISTIR 8071) 1
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
Ensure that baseline industry recommended practices are implemented and validated
References
J. Cichonski, J.M. Franklin, and M. Bartock, NIST Special Publication 800-187: Guide to LTE Security, National Institute of Standards and Technology, 2017; https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-187.pdf [Accessed 3/29/2022] ↩