Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane

Jan 1, 2019ยท
Hongil Kim
,
Jiho Lee
,
Eunkyu Lee
,
Yongdae Kim
ยท 1 min read

Impact

Immediately after the paper is published online, we’ve received inquiries from many operators such as Deutche Telecom, Google Project Fi, Singtel, etc if we can visit their site to test their networks. Unfortunately, we could not provide service to commercial operators, as students did not want to provide commercial services. We’ve also communicated with device vendors such as Apple, Samsung, Qualcomm, LG, Huawei, and Ericsson helping their patching process. Cellular security companies such as P1Security and Positive Technologies now provide protocol security testing as we did in LTEFuzz. We have received two CVEs (CVE-2019-20783 from LG and CVE-2019-5307 from Huawei.) This was also featured in multple media outlets, such as ZDNet, SecurityWeek, Huawei, Engadget, Tech Xplore, Security Affairs, E-Crypto, Cybersecurity Insiders, Israel Defense, ITPro, UK, TGDaily, Gizmodo, and DailyMail, UK. LTEFuzz paper was discussed in three SA3 meetings: TSGS3_95_Reno (S3-191230), TSGS3_97_Reno (S3-194063). TSGS3_101e (S3-202878).

Media Coverage

  • ZDNet
  • SecurityWeek
  • Huawei
  • Engadget
  • Tech Xplore
  • Security Affairs
  • E-Crypto
  • Cybersecurity Insiders
  • Israel Defense
  • ITPro
  • UK
CVE-2019-20783 CVE-2019-5307
Authors
Hongil Kim
Authors
Jiho Lee
Authors
Eunkyu Lee
Authors
Yongdae Kim