Hi, we‘re happy to present AdaptOver this Thursday in Sydney, Australia at the MOBICOM conference.
We use overshadowing, in particular on the uplink, to create a new set of attacks that turn a legitimate base station into an attacker’s asset.
With AdaptOver, an attacker doesn’t use a fake base station. This marks a new attack paradigm that has to be taken into account when developing and evaluating countermeasures or new protocols.
I presume from showing something they've worked hard to discover and research. Even if their work may be used maliciously, it's better to be out in the open so that our communications systems can be made more robust, than to leave it in the dark to be exploited at a later date for nefarious and/or strategic reasons.
For an example, see the bricking of Viasat's satellite internet terminals in and around Ukraine at the onset of the Russian invasion of Ukraine as part of the greater Russo-Ukrainian war[1]. If someone had discovered that vulnerability before, and been "happy" to present it, perhaps it could have been avoided.
This kind of security research into structures and services that millions of people rely on every day is of utmost importance to keep our society safe from malicious actors.
When you trigger an UE, does it happen from the cellular mobile device or the cell tower? I assume the mobile device.
In either case, I would imagine it requires a directional and high-gain setup to reach 3,8km. Does that not limit the potential of the attack vector on large scale?
6 comments
[ 3.9 ms ] story [ 49.1 ms ] threadWe use overshadowing, in particular on the uplink, to create a new set of attacks that turn a legitimate base station into an attacker’s asset.
With AdaptOver, an attacker doesn’t use a fake base station. This marks a new attack paradigm that has to be taken into account when developing and evaluating countermeasures or new protocols.
Happy to answer any questions!
For an example, see the bricking of Viasat's satellite internet terminals in and around Ukraine at the onset of the Russian invasion of Ukraine as part of the greater Russo-Ukrainian war[1]. If someone had discovered that vulnerability before, and been "happy" to present it, perhaps it could have been avoided.
This kind of security research into structures and services that millions of people rely on every day is of utmost importance to keep our society safe from malicious actors.
[1]https://www.reuters.com/world/europe/exclusive-us-spy-agency...
In either case, I would imagine it requires a directional and high-gain setup to reach 3,8km. Does that not limit the potential of the attack vector on large scale?
In fact, this is in practice the only range limitation of the system - wherever the downlink could be decoded, the attack worked.
In the paper you can see that the attack over 3.8km worked with an omnidirectional antenna and required only very little output power.