LTE Security Disabled — Misconfiguration in Commercial Networks

Merlin Chlosta, David Rupprecht, Thorsten Holz, Christina Pöpper

Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ’19), May 15–17, 2019, Miami, FL, USA, ACM


Long Term Evolution (LTE) is the de facto standard for mobile communication. It provides effective security features but leaves room for misunderstandings in its configuration and implementation. In particular, providers face difficulties when maintaining network configurations.

In this paper, we analyze the security configuration of commercial LTE networks. We enhance the open baseband srsLTE with support for commercial networks and perform a subsequent analysis. In more detail, we test the security algorithm selection in a total of twelve LTE networks in five European countries. We expose four misconfigured networks and multiple cases of implementation issues. Three insecure networks fail to enforce integrity protection and encryption, which enables an adversary to impersonate victims towards the network. We provide a proof-of-concept attack in a live network, where the adversary obtains an IP address at the victim’s cost. Our work is an appeal to security as a holistic state, which requires not only secure specifications but also secure configurations.
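The check below is an added example, not code from the paper or from srsLTE. It audits the algorithm pair a network selects, flagging the null integrity and null ciphering choices that correspond to the misconfiguration described above. It assumes the one-octet "NAS security algorithms" layout of 3GPP TS 24.301; the function names, network labels and sample octets are constructed for illustration.

```python
from dataclasses import dataclass, field

# 3-bit algorithm identifiers from the "NAS security algorithms" IE (3GPP TS 24.301).
CIPHERING = {0: "EEA0 (null)", 1: "128-EEA1", 2: "128-EEA2", 3: "128-EEA3"}
INTEGRITY = {0: "EIA0 (null)", 1: "128-EIA1", 2: "128-EIA2", 3: "128-EIA3"}


@dataclass
class Finding:
    ciphering: str
    integrity: str
    issues: list = field(default_factory=list)


def audit_selected_algorithms(octet: int, emergency: bool = False) -> Finding:
    """Decode one value octet: bit 8 spare, bits 7-5 ciphering, bit 4 spare, bits 3-1 integrity."""
    if not 0 <= octet <= 0xFF:
        raise ValueError("expected a single octet")
    eea, eia = (octet >> 4) & 0x7, octet & 0x7
    finding = Finding(CIPHERING.get(eea, f"EEA{eea} (not in table)"),
                      INTEGRITY.get(eia, f"EIA{eia} (not in table)"))
    if octet & 0x88:
        finding.issues.append("spare bits set")
    if eea not in CIPHERING or eia not in INTEGRITY:
        finding.issues.append("unknown algorithm identifier")
    # EIA0 is only acceptable for unauthenticated emergency sessions (3GPP TS 33.401).
    if eia == 0 and not emergency:
        finding.issues.append("null integrity protection selected")
    if eea == 0:
        finding.issues.append("null ciphering selected")
    return finding


def insecure_networks(observations: dict) -> dict:
    """Map network label -> issues, for every network with at least one issue."""
    report = {}
    for label, octet in observations.items():
        issues = audit_selected_algorithms(octet).issues
        if issues:
            report[label] = issues
    return report


# Constructed sample observations (hypothetical labels, not data from the paper).
SAMPLE = {"net-A": 0x22, "net-B": 0x00, "net-C": 0x02, "net-D": 0x10}

if __name__ == "__main__":
    for label, issues in insecure_networks(SAMPLE).items():
        print(label, "->", "; ".join(issues))
```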