±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 1 Overall: 33061
New Yesterday: 3 Visitors: 198

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

HeNB - eNB handover breach

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

HeNB - eNB handover breach

Post Posted: Sat Jul 15, 2017 7:09 am

Who did investigate a case of LTE Rel. 11 HeNB (enterprise deployment) handover breach? The HeNB can either by int S1 (HeNB GW or MME/S-GW) or X2 (nHeNB [n=neidgbour] or X2 GW) handovering.

A suspect was able spoof access control and jumped by MITM into a session with spoofed IMEI/AirInterfaceMAC. Not a mobile but an appliance like LTE modem.

Highly confusing case as only Cat. 8 (LTE-A) on the market. Cracy sophisticated probably.

DFCs! by answering pls.  

RolfGutmann
Senior Member
 
 
  

Re: HeNB - eNB handover breach

Post Posted: Sat Jul 15, 2017 8:43 am

JFYI the LTE Positioning Protocol LPP terminates at a HeNB and not at the Mobile Station MS which causes the well known problem for emergency services to find the MS (person) if originated over HeNB.  

RolfGutmann
Senior Member
 
 
  

Re: HeNB - eNB handover breach

Post Posted: Mon Jul 17, 2017 8:47 am

Sorry, I only understand train station. Shocked  

SamBrown
Senior Member
 
 
  

Re: HeNB - eNB handover breach

Post Posted: Mon Jul 17, 2017 9:42 am

- SamBrown
Sorry, I only understand train station. Shocked


That would probably be a FS Fixed Station, not a MS Mobile Station, where the MS (person) should be found. Wink

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: HeNB - eNB handover breach

Post Posted: Tue Jul 18, 2017 6:45 am

@SamBrown

A suspect was able to hack into a running handover process of a HeNB (aka FemtoCell). On the HeNB a machine data transmitting over LTE-A up to a Packet Data Network PDN. The data upload broke down but in the MNOs session the upload continued by a MITM attack.

As the suspect did not proper authenticate by his USIM it is actually unknown who the suspect was but he missused the running session of the regularly authenticated machine (user).

Have to mention the HeNB was not stationary but in a vehicle.  

RolfGutmann
Senior Member
 
 

Page 1 of 1