“Rogue cellular devices” could allow attackers to block texts, intercept calls - and “black out” areas

Attacks which “hijack” calls and block phone services for individual phone users or even whole city areas are possible, using a “rogue device” to attack cellular networks, according to Berlin researchers.

The attacks target the older GSM network - used by AT&T and T-Mobile in the U.S. - and would allow attackers to block texts, redirect calls - and even block off mobile phone service in whole urban areas, according to Nico Golde, Kevin Redon and Jean-Pierre Seifert of Technische Universitat Berlin.

The attacks only require cellphones with modified software - programmed to react slightly faster than consumer devices to the requests which cellphone towers send out, thus blocking calls and messages from their intended recipients, according to ComputerWorld.

“We show the feasibility and the implementation of cellphone firmware which is capable to steal a short message over-the-air and to perform denial of service attacks against mobile terminated services in GSM networks,” the researchers say, in a paper presented at the recent Usenix conference, entitled Let Me Answer That For You.

“We eventually assess the boundary conditions for a large-scale paging response attack in order to cause denial of service conditions within a large geographical area of a major city.”

The researchers tested their attacks using modified Motorola devices against GSM networks in Berlin.

The researchers admit that “the limitations of currently available hardware and software” make it difficult to test the attack against more modern 4G networks such as LTE and UMTS, but claim that the “root causes” of the vulnerabilities are also present in those networks.

“Mobile telecommunication has become an important part of our daily lives,” the researchers write. “Yet, industry standards such as GSM often exclude scenarios with active attackers. Devices participating in communication are seen as trusted and non-malicious. By implementing our own baseband firmware based on OsmocomBB, we violate this trust and are able to evaluate the impact of a rogue device with regard to the usage of broadcast information.

“Attacks against mobile terminated services are a minority,” the researchers write. “The he undisturbed operation of telecommunication networks is traditionally based ontrust. The inherent trust that each subscriber and participant in communication plays by the rules. Nonetheless, due to several available and modifiable software andhardware projects for telecommunication, this trust relationship has to be considered broken.”