Q1. Is dynamic testing of a commercial network allowed to researchers?
Probably not. Researchers should comply with any special legal requirements in their jurisdictions. Fortunately, for the purpose of inspecting and validating the vulnerabilities, two MNOs gave us a permission to conduct dynamic security testing on their testbed.
Agreed. Local DoS is a complicated way to get the same result as jamming.
The approach has merits and value, but the novelty here is doing a LTE fuzzer and finding implementation bugs IMHO. Which is very useful, but the title may lead people to believe there are new weaknesses in the standard itself. There are some standard level attacks, but it's local DoS and already known as far as I can see.
* Some of the DoS methods can open up further vulnerabilities and explotations.
* Some of the DoS methods are bugs that could be triggered by normal equipment.
* Some of the DoS methods are easier to detect the source of. (i.e. it's a lot easier to detect and pinpoint a frequency jammer than a mobile phone sending invalid protocol messages)
13 comments
[ 4.1 ms ] story [ 38.0 ms ] thread(They did it with carrier permission though, before you run off to replicate their findings)
If dangerous, we tested only inside testbed. If not, we tested on the real network.
All tests were permitted by two telcos.
Probably not. Researchers should comply with any special legal requirements in their jurisdictions. Fortunately, for the purpose of inspecting and validating the vulnerabilities, two MNOs gave us a permission to conduct dynamic security testing on their testbed.
https://sites.google.com/view/ltefuzz
Why fix a vulnerability when other unfixable vulnerabilities of the same class exist?
The approach has merits and value, but the novelty here is doing a LTE fuzzer and finding implementation bugs IMHO. Which is very useful, but the title may lead people to believe there are new weaknesses in the standard itself. There are some standard level attacks, but it's local DoS and already known as far as I can see.
* Some of the DoS methods are bugs that could be triggered by normal equipment.
* Some of the DoS methods are easier to detect the source of. (i.e. it's a lot easier to detect and pinpoint a frequency jammer than a mobile phone sending invalid protocol messages)