The still-live attacks were demonstrated at the Ruxcon hacking confab in Melbourne this weekend, with the demo offering a recording of the hack perpetrated in part on a live network. It exploits fall-back mechanisms designed to ensure continuity of phone services in the event of overloads.
The tested Frequency Division Duplexing LTE network is more popular than TDD-LTE and operates in Britain, the US, and Australia. The competing Time Division Duplexing (TDD) LTE network is more common in Asian countries and in regions where population densities are higher. Zhang conducted further tests after The Register inquired whether the attacks would work against TDD-LTE and found all LTE networks and devices are affected.
"I asked my colleagues to test TDD-LTE yesterday and it works well, so it really can work against all LTE devices," Zhang says.
"This attack exists [and] it's still reasonable."
...Zhang says the attacks are possible because LTE networks allow users to be handed over to underused base stations in the event of natural disasters to ensure connectivity.
“You can create a denial of service attack against cellphones by forcing phones into fake networks with no services,” Zhang told the conference.
“You can make malicious calls and SMS and … eavesdrop on all voice and data traffic.” more