AdaptOver: Persistent DoS and IMSI Extraction from 3.8km away
dl.acm.orgHi, we‘re happy to present AdaptOver this Thursday in Sydney, Australia at the MOBICOM conference.
We use overshadowing, in particular on the uplink, to create a new set of attacks that turn a legitimate base station into an attacker’s asset.
With AdaptOver, an attacker doesn’t use a fake base station. This marks a new attack paradigm that has to be taken into account when developing and evaluating countermeasures or new protocols.
Happy to answer any questions!
When you trigger an UE, does it happen from the cellular mobile device or the cell tower? I assume the mobile device.
In either case, I would imagine it requires a directional and high-gain setup to reach 3,8km. Does that not limit the potential of the attack vector on large scale?
The attacks are designed to only require downlink information, so they‘re triggered by the base station.
In fact, this is in practice the only range limitation of the system - wherever the downlink could be decoded, the attack worked.
In the paper you can see that the attack over 3.8km worked with an omnidirectional antenna and required only very little output power.