A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications
- Type
- Paper
- Tags
- GSM, phone
- Authors
- David Perez, Jose Pico
- Event
- Black Hat DC 2011
- Indexed on
- Mar 27, 2013
- URL
- https://media.blackhat.com/bh-dc-11/Perez-Pico/BlackHat_DC_2011_Perez-Pico_Mobile_Attacks-wp.pdf
- File name
- BlackHat_DC_2011_Perez-Pico_Mobile_Attacks-wp.pdf
- File size
- 1.3 MB
- MD5
- 1052b7d333e10b16630741696bcc2186
- SHA1
- 01f7b451511af1a6cbf018075e1ca9154c1da090
In this presentation we will show a practical attack against GPRS, EDGE, UMTS and HSPA (2G/3G) mobile data communications. We will demonstrate that an attacker with a budget of less than $10,000 can set up a rogue BTS, make the victim devices connect to such BTS, and gain full control over the victim's data communications. Two vulnerabilities make the attack possible: first, the absence of mutual authentication in GPRS and EDGE (2G), which makes GPRS and EDGE devices completely vulnerable to this attack, and second, the mechanism implemented on most UMTS and HSPA (3G) devices that makes them fall back to GPRS and EDGE when UMTS or HSPA are not available, which makes it possible to extend the attack to these 3G devices.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
