Spoofed Networks: Exploitation of GNSS Security Vulnerability in 4G and 5G Mobile Networks
Abstract
Fifth Generation New Radio (5G NR) represents a shift in mobile telephony whereby the network architecture runs containerized software on commodity hardware. In preparation for this transition, numerous 4G Long Term Evolution software stacks have been developed to test the containerization of core network functions and the interfaces with radio access network protocols. In this thesis, one such stack, developed by the OpenAirInterface Software Alliance, was used to create a low-cost, simplified mobile network compatible with the Naval Operational Architecture. Commercial off-the-shelf user equipment was then connected to the network to demonstrate how a buffer overflow vulnerability found in Qualcomm Global Navigation Satellite System chipsets and identified as CVE-2019-2254 can be leveraged to enable a spoofed network attack. The research also yielded an extension of the attack method to 5G NR networks.
Document Details
- Document Type: Technical Report
- Publication Date: Jun 01, 2021
- Accession Number: AD1151041
Entities
People
- Matthew J. Lanoue
Organizations
- Naval Postgraduate School