New LTE vulnerabilities discovered by KAIST [pdf] (kaist.ac.kr)
112 points by brentonator on March 28, 2019 | hide | past | favorite | 13 comments


If you're looking for a good summary, this is the only article I was able to find: https://www.zdnet.com/article/researchers-find-36-new-securi...


Good technical summary is available here:

https://sites.google.com/view/ltefuzz


They tested against a live network. Pretty ballsy of the carriers who allowed it! A tip of my hat to them!

(They did it with carrier permission though, before you run off to replicate their findings)


Yeah, KAIST is the top national research center and university in Korea. Korean tech companies always want to work with them.


Q1. Is dynamic testing of a commercial network allowed to researchers?

Probably not. Researchers should comply with any special legal requirements in their jurisdictions. Fortunately, for the purpose of inspecting and validating the vulnerabilities, two MNOs gave us permission to conduct dynamic security testing on their testbed.


From my read, the research was carried out inside a test network provided by the telcos that agreed to help.


Both are correct.

If dangerous, we tested only inside the testbed. If not, we tested on the real network.

All tests were permitted by two telcos.


Awesome!


I re-read section III.D and I think that either interpretation (yours or mine) could be derived from it. It is not clear.


Sorry for the terrible title. 36 new vulnerabilities were discovered, most of them denial of service it appears.


Are DoS attack vectors even relevant when LTE works over a wireless channel which itself is easily DoS'ed through signal jamming?

Why fix a vulnerability when other unfixable vulnerabilities of the same class exist?


* Some of the DoS methods can open up further vulnerabilities and exploitations.

* Some of the DoS methods are bugs that could be triggered by normal equipment.

* Some of the DoS methods are easier to detect the source of (i.e., it's a lot easier to detect and pinpoint a frequency jammer than a mobile phone sending invalid protocol messages).


Agreed. Local DoS is a complicated way to get the same result as jamming.

The approach has merits and value, but the novelty here is doing an LTE fuzzer and finding implementation bugs, IMHO. Which is very useful, but the title may lead people to believe there are new weaknesses in the standard itself. There are some standard-level attacks, but it's local DoS and already known as far as I can see.



