
New LTE vulnerabilities discovered by KAIST [pdf] - brentonator
https://syssec.kaist.ac.kr/pub/2019/kim_sp_2019.pdf
======
ccnafr
If you're looking for a good summary, this is the only article I was able to
find:
[https://www.zdnet.com/article/researchers-find-36-new-securi...](https://www.zdnet.com/article/researchers-find-36-new-security-flaws-in-lte-protocol/)

------
yongdaek
A good technical summary is available here:

[https://sites.google.com/view/ltefuzz](https://sites.google.com/view/ltefuzz)

------
dmitrygr
They tested against a live network. Pretty ballsy of the carriers who allowed
it! A tip of my hat to them!

(They did it with carrier permission though, before you run off to replicate
their findings)

~~~
ccnafr
From my read, the research was carried out inside a test network provided by
the telcos that agreed to help.

~~~
yongdaek
Both are correct.

If dangerous, we tested only inside the testbed. If not, we tested on the real
network.

All tests were permitted by two telcos.

~~~
dmitrygr
Awesome!

------
brentonator
Sorry for the terrible title. 36 new vulnerabilities were discovered, most of
them denial of service it appears.

~~~
londons_explore
Are DoS attack vectors even relevant when LTE works over a wireless channel
which itself is easily DoS'ed through signal jamming?

Why fix a vulnerability when other unfixable vulnerabilities of the same class
exist?

~~~
noselasd
* Some of the DoS methods can open up further vulnerabilities and exploitations.

* Some of the DoS methods are bugs that could be triggered by normal equipment.

* Some of the DoS methods are easier to detect the source of. (i.e. it's a lot easier to detect and pinpoint a frequency jammer than a mobile phone sending invalid protocol messages)

