HeNB - eNB handover breach

RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
Topic starter  

Who has investigated a case of an LTE Rel. 11 HeNB (enterprise deployment) handover breach? The HeNB can hand over either by int S1 (HeNB GW or MME/S-GW) or X2 (nHeNB [n=neighbour] or X2 GW).

A suspect was able to spoof access control and jumped by MITM into a session with spoofed IMEI/AirInterfaceMAC. Not a mobile but an appliance like an LTE modem.

Highly confusing case as only Cat. 8 (LTE-A) is on the market. Crazy sophisticated probably.

DFCs! by answering pls.


   
RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
Topic starter  

JFYI the LTE Positioning Protocol LPP terminates at a HeNB and not at the Mobile Station MS, which causes the well-known problem for emergency services to find the MS (person) if originated over HeNB.


   
SamBrown
(@sambrown)
Trusted Member
Joined: 11 years ago
Posts: 97
 

Sorry, I only understand train station. 😯


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

Sorry, I only understand train station. 😯

That would probably be a FS Fixed Station, not a MS Mobile Station, where the MS (person) should be found. wink

jaclaz


   
RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
Topic starter  

@SamBrown

A suspect was able to hack into a running handover process of a HeNB (aka FemtoCell). On the HeNB a machine was transmitting data over LTE-A up to a Packet Data Network PDN. The data upload broke down but in the MNO's session the upload continued by a MITM attack.

As the suspect did not properly authenticate by his USIM it is actually unknown who the suspect was but he misused the running session of the regularly authenticated machine (user).

Have to mention the HeNB was not stationary but in a vehicle.


   