$650 Attack Could Wipe Out City's LTE Network
Virginia Tech Researchers Highlight Vulnerability in NTIA Filing
by Karl Bode 06:32PM Wednesday Nov 14 2012
A new study has found that with a laptop, a $650 transmitter and a little elbow grease, one solitary person could fairly easily bring down a large portion of a city's LTE network. According to MIT Technology Review, researchers at Virginia Tech disclosed that LTE networks are particularly susceptible to large-scale jamming in a filing (pdf) with the National Telecommunications and Information Administration. The NTIA is fielding input on the building of LTE emergency networks. "Picture a jammer that fits in a small briefcase that takes out miles of LTE signals—whether commercial or public safety," says lead researcher Jeff Reed. Add a small power amplifier to the equation, says Reed, and an attacker could take out an even larger area of coverage with an attack that's very difficult to defend against.


KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK

Pretty sure a single Jammer would be easy to find

The problem would be multiple jammers scattered throughout a city and being cycled on and off.

So what would really be the point of such an attack?

Make everyone experience AT&T's typical service?
--
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Benito Mussolini

jimk
Premium
join:2006-04-15
Raleigh, NC
Reviews:
·Time Warner Cable

Re: Pretty sure a single Jammer would be easy to find

said by KrK:

So what would really be the point of such an attack?

Terrorists, for one, would love to be able to easily disrupt communications over a wide area. This is especially true if they can disrupt Government, public safety / first responders, etc.

Any wireless signal can be jammed, but in this case it appears to be easier and much more effective than with older technologies. Specifically, it takes less power to cover a larger area.

KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK

Re: Pretty sure a single Jammer would be easy to find

I think Terrorists would rather make a big explosion than knock out everyone's internet on their phones temporarily.

If they could set up jammers to do this, they could also be planting bombs. I'd think they like the latter.

For example, which situation would appeal to a terrorist more: Knocking out LTE in an area, or: Bombing the power station and knocking out EVERYTHING in an area.
--
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Benito Mussolini

jimk
Premium
join:2006-04-15
Raleigh, NC
Reviews:
·Time Warner Cable

Re: Pretty sure a single Jammer would be easy to find

Jamming the communications networks would be secondary to a primary attack (the big explosion)... just a way to create more chaos and slow down the response. That's why there is concern over emergency communication networks moving to a technology that may be more vulnerable to attack. At this point, however, it is too soon to tell if this is a significant threat or not.
pandora
Premium
join:2001-06-01
Outland
kudos:2
Reviews:
·ooma
·Google Voice
·Comcast
·Future Nine Corp..

Re: Pretty sure a single Jammer would be easy to find

said by jimk:

Jamming the communications networks would be secondary to a primary attack (the big explosion)... just a way to create more chaos and slow down the response. That's why there is concern over emergency communication networks moving to a technology that may be more vulnerable to attack. At this point, however, it is too soon to tell if this is a significant threat or not.

Couldn't a country potentially use low earth satellites to shut down large areas of LTE? From the device specification, not a lot of power is needed.

Imagine China shutting down most US and European cell functionality concurrent with a move somewhere? Or worse, a country like Iran or North Korea jamming U.S. cellular as an annoyance / provocation. Taking out low earth satellites is within our capability, but it can be messy and can cause issues for years with regards to future launches (more debris in space).

It isn't just a non-national group of terrorists who could exploit this.

Maybe LTE needs to be rethought if possible, to tighten it up against the identified weaknesses.
--
"If you put the federal government in charge of the Sahara Desert, in 5 years there'd be a shortage of sand." - Milton Friedman

KJP

@sbcglobal.net
Glad I don't have 4G, thank you Sprint. Do the jammers work on 3G?
CXM_Splicer
Looking at the bigger picture
Premium
join:2011-08-11
NYC
kudos:2

Re: Pretty sure a single Jammer would be easy to find

Yes, there are jammers for 3G

»www.geekalerts.com/high-power-gp···-jammer/

morbo
Complete Your Transaction

join:2002-01-22
00000

How is this different than regular cell phone jamming?

I know that cell phone jammers are common in Europe, but this sounds like it is more a horrible flaw in LTE. Yet another reason to get the Nexus 4?
kaila

join:2000-10-11
Lincolnshire, IL

Re: How is this different than regular cell phone jamming?

I'm not sure that it is any different, except that LTE has some weak links within the spec (the article mentions control instructions that are a crucial part of LTE transmissions). Because of LTE's weak points the article seems to infer that it wouldn't take as much power, or require a less sophisticated jammer, to disrupt a tower or towers running LTE compared to a 3G or 2G network.

nothing00

join:2001-06-10
Centereach, NY

Re: How is this different than regular cell phone jamming?

Sounds like typical SCADA engineering practices. Just enough engineering to get it to do what they want under ideal circumstances...
InvalidError

join:2008-02-03
kudos:5
I doubt there is any effective way of guarding against such attacks.

LTE and newer wireless standards are focusing on speed per MHz of spectrum per watt since spectrum costs a fortune per MHz at government auctions. Optimizing in that direction cuts into SNR margins and noise tolerance. LTE can cope with normal noise spikes using forward error correction but deliberate jamming, either brute-force or interactive, can knock out almost any narrow-band network.

If you want a rugged wireless connection, you have to use wider channels, spread-spectrum modulation and lower symbol loading. Unfortunately, all of these significantly reduce efficiency and speed.

KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK

Re: How is this different than regular cell phone jamming?

It also suggests that moving infrastructure like traffic signaling or emergency responders onto LTE exclusively is a very bad idea.
--
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Benito Mussolini
InvalidError

join:2008-02-03
kudos:5

Re: How is this different than regular cell phone jamming?

said by KrK:

It also suggests that moving infrastructure like traffic signaling or emergency responders onto LTE exclusively is a very bad idea.

The MIT guys just happened to find a particular jamming sequence that was unusually effective. Other researchers will probably revisit other networks and find similar kryptonite for them.

KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK

Re: How is this different than regular cell phone jamming?

Certain Infrastructure should always be hardwired.

It only brings up the same point again that wireless from a security standpoint is a risk. It may be easier and cheaper to control your traffic networks (or other networks) wirelessly... but that sets you up for the system to be compromised or jammed.
--
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Benito Mussolini
InvalidError

join:2008-02-03
kudos:5

Re: How is this different than regular cell phone jamming?

Security-wise, wireless can be as secure as wired when properly encrypted. Critical wired infrastructure still needs to be adequately encrypted to prevent people from tapping into the wire and hijacking control.

For jamming, no miracle there... but unless you want to put a 1000km wire spool in every vehicle, hard-wiring them would not be practical
moonpuppy

join:2000-08-21
Glen Burnie, MD

Re: How is this different than regular cell phone jamming?

said by InvalidError:

Security-wise, wireless can be as secure as wired when properly encrypted. Critical wired infrastructure still needs to be adequately encrypted to prevent people from tapping into the wire and hijacking control.

For jamming, no miracle there... but unless you want to put a 1000km wire spool in every vehicle, hard-wiring them would not be practical

Who cares how secure it is because when you jam the signal, it still doesn't work. And I bet you could get a few hundred people running around with jammers in their vehicles. Think New York City and its fleet of cabs. Quite a few foreigners driving them and just enough of them with a grudge against the US could mean a very bad day for NYC.
InvalidError

join:2008-02-03
kudos:5

Re: How is this different than regular cell phone jamming?

said by moonpuppy:

Who cares how secure it is because when you jam the signal, it still doesn't work.

Most signaling infrastructure is autonomous and only needs communication to change its programming and report BIST or other results. If the communication is jammed, this is a non-issue but if it gets hacked, it can be a much worse issue so security is more important than jamming there.

Since it is not practical to wire moving vehicles, those have no choice but to use some form of wireless just like they have always been, not much of a change there. If LTE is jammed, they just have to fall back on their CB radios and punch things down by hand. If CB radio is jammed as well, they are no better/worse off than without LTE.
moonpuppy

join:2000-08-21
Glen Burnie, MD

Re: How is this different than regular cell phone jamming?

said by InvalidError:

Most signaling infrastructure is autonomous and only needs communication to change its programming and report BIST or other results. If the communication is jammed, this is a non-issue but if it gets hacked, it can be a much worse issue so security is more important than jamming there.

Since it is not practical to wire moving vehicles, those have no choice but to use some form of wireless just like they have always been, not much of a change there. If LTE is jammed, they just have to fall back on their CB radios and punch things down by hand. If CB radio is jammed as well, they are no better/worse off than without LTE.

Wrong, if you disrupt enough nodes, the communication system will start failing and data will move very slowly through less and less nodes creating choke points.

And how many people still use CB? Even if people had them, their range is minimal and with a bunch of people going nuts, that will become useless in minutes.
Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1

Re: How is this different than regular cell phone jamming?

not to mention those choked nodes could go down just from load itself. Going to guess even enterprise class routers have a fail point
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports
InvalidError

join:2008-02-03
kudos:5
said by moonpuppy:

And how many people still use CB?

Just about every emergency response service (police, firefighters and ambulances) still does rely on CB for dispatching and reporting. I doubt governments will ditch spectrum reserved for emergency services any time soon.
CXM_Splicer
Looking at the bigger picture
Premium
join:2011-08-11
NYC
kudos:2

Re: How is this different than regular cell phone jamming?

CB is a particular public radio band... public safety doesn't use it. They monitor it in some localities for emergencies but they don't use it for communications. You are thinking simply of 2-way radios.
moonpuppy

join:2000-08-21
Glen Burnie, MD
said by InvalidError:

Just about every emergency response service (police, firefighters and ambulances) still does rely on CB for dispatching and reporting. I doubt governments will ditch spectrum reserved for emergency services any time soon.

Not even close. As explained, CB is a public use band.

And ask NYPD and NYFD how their systems worked on 9/11 when they lost the WTC complex. Most of their fancy digital communications were rendered useless in a matter of a couple of hours.

KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK
You can encrypt it, yes... but it still can be jammed.
hoyleysox
Premium
join:2003-11-07
Long Beach, CA

Manufacturing risk

Was just thinking that someone would be more likely to put it in someone else's new TV or PC than they would their own briefcase.

KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK

1 recommendation

Re: Manufacturing risk

Imagine the scenario where a major electronics manufacturer, under orders from their Government, started installing a micro jammer in the circuit boards of consumer electronics they manufacture and get exported to countries worldwide under various brand names.

Then, when they receive a certain command signal they could all begin operation simultaneously... or in certain areas only... or only at certain times, at will of said Government.
--
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Benito Mussolini
hoyleysox
Premium
join:2003-11-07
Long Beach, CA

Re: Manufacturing risk

that too. Thinking about tiptoeing into this again: »www.arrl.org/ham-radio-licenses
CXM_Splicer
Looking at the bigger picture
Premium
join:2011-08-11
NYC
kudos:2

Undoubtedly

I said this like a year ago:

»Re: Verizon will no longer expand FIOS.....

There is simply no way to ensure this won't happen. The carriers will probably lobby for some special felony anti-jammer and pretend everything is fine... anyone who actually believes it is extraordinarily naive.

jimk
Premium
join:2006-04-15
Raleigh, NC

Re: Undoubtedly

Already illegal
»www.fcc.gov/encyclopedia/jamming···inst-law
Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1

Re: Undoubtedly

I think they even catch a stationary jammer once in a while.

Going to figure the FCC would never catch someone who stuffed a portable battery unit into their purse and flipped it on at the local Multiplex and flipped it off when the movie ended. (Does not change it from being criminal of course, just that operation to response time would be greater than the length of a film.)

Sad thing is I bet the FCC that we know today would respond to someone seeing boobs on Network TV first and then look into their actual job of protecting the radio spectrum in the US.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports

jimk
Premium
join:2006-04-15
Raleigh, NC
Reviews:
·Time Warner Cable

Re: Undoubtedly

said by Kearnstd:

Sad thing is I bet the FCC that we know today would respond to someone seeing boobs on Network TV first and then look into their actual job of protecting the radio spectrum in the US.

Like most Government agencies, they have drifted far away from their original purpose.
CXM_Splicer
Looking at the bigger picture
Premium
join:2011-08-11
NYC
kudos:2
said by jimk:

Already illegal

True but that has never stopped them from enacting laws before! As soon as the first unexplained outages start, the carriers will go nuts and demand new laws.
pittpete1

join:2009-06-12

Yes, let's move everything to wireless

Verizon, you hear me now?

cork1958
Cork
Premium
join:2000-02-26

Did anyone ever doubt this?

With as fast as stuff is deployed and as eager/greedy as people are for it, do you think even for a moment, anyone was too concerned about the security of the stuff?

It's all about the demand by overeager consumers and the total greed of businesses/CEOs/stockholders to crank the supply out!
--
The Firefox alternative.
»www.mozilla.org/projects/seamonkey/

dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
Reviews:
·Comcast

Well at the very least, that's interesting.

Government agencies don't use the public networks for their business. They have savvy and complex antenna networks throughout each state. Their digital radios are very nice for vocal communication. Encrypted too.

Knocking out the public DATA network briefly is not that big of a deal. Well maybe for kids who forget their phones can be used for speech...
--
dnoyeB
"Then said I, Wisdom [is] better than strength: nevertheless the poor man's wisdom [is] despised, and his words are not heard. " Ecclesiastes 9:16

norbert26
Premium
join:2010-08-10
Warwick, RI

Re: Well at the very least, that's interesting.

said by dnoyeB:

Government agencies don't use the public networks for their business. They have savvy and complex antenna networks throughout each state. Their digital radios are very nice for vocal communication. Encrypted too.

Knocking out the public DATA network briefly is not that big of a deal. Well maybe for kids who forget their phones can be used for speech...

except it will soon be more than just DATA. VoLTE is coming and Verizon wants to sunset 3g/2g and CDMA by 2021 if not sooner. AT&T also will be phasing out 3g - 2g and will want to go VoLTE along with all the carriers. LTE seems to be the big thing going forward.
jp16

join:2010-05-04
united state

Really? This is news?

Maybe I am missing the point here but ANY wireless transmissions are subject to "jamming". Whilst some may be easier than others it's all really simple. Is the author playing on people's ignorance to sell his product?

Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

Re: Really? This is news?

said by jp16:

Maybe I am missing the point here but ANY wireless transmissions are subject to "jamming".

All wireless is subject to barrage jamming (aka brute force), where you just throw a large amount of radio energy at it. But this is not very efficient.

Individual wireless protocols may well have weak areas where a small amount of signal - but just the right signal - can be leveraged to take down the whole thing. For instance, in LTE, jamming the primary synchronization signal offers a huge multiplier of jamming effort compared with the overall effect.

I don't know to the extent that these can be mitigated by design considerations in the wireless protocols, but that doesn't mean that the research shouldn't be done.

And there's no "product" to be sold here: the researchers are from Virginia Tech and I don't believe they were paid for this work.

Steve — who actually read the paper
--
Stephen J. Friedl | Unix Wizard | Security Consultant | Orange County, California USA | my web site
kevinds
Premium
join:2003-05-01
Calgary, AB
kudos:3
Reviews:
·Shaw

Re: Really? This is news?

I'd be curious if these researchers could get access to a City's LTE network before it went live to the public - active, but not in use, to 'stress' test a real network, and see how effective this would be on a large scale.
--
Yes, I am not employed and looking for IT work. Have passport, will travel.

AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

All wireless is subject

to DoS attacks by jamming.

But if you are a researcher you get paid to tell people this.
--
* seek help if having trouble coping
--Standard disclaimers apply.--
st7860

join:2004-05-13
San Francisco, CA

IDEN/private networks

most public safety agencies use iden or their own networks anyway