Professor Yongdae Kim's research team developed a system that can automatically analyze vulnerabilities of LTE mobile communications, and they will announce it to IEEE S&P (Symposium on Security and Privacy), one of the best security conferences.
The research team developed a system called LTEFuzz to check whether exception processing is properly done in the LTE network. LTEFuzz is a system that creates hundreds of packets that do not conform to the mobile communication standard, and it sends them to both the core network and terminals. Finally, LTEFuzz checks if it can process packets or not. Using LTEFuzz, the researchers identified 51 vulnerabilities (36 new vulnerabilities, 15 existing vulnerabilities) at LTE core networks of the two domestic telecommunication companies and Qualcomm and Hi-silicon modem chips for Samsung, LG and Huawei phones. In particular, these vulnerabilities are also present in the 5G Non-Stand Alone (NSA) using the LTE core network, so it is necessary to take prompt action.
Professor Yongdae Kim said, "More than 150 mobile security vulnerabilities have been discovered so far in this paper, and some have not yet been released. "KAIST System Security Laboratory has actively carried out research on security vulnerabilities and security issues of mobile communication networks, and this research has been conducted to find out the problems beforehand and to patch them. It's important to be able to contribute to the protection of the network by providing this research to the users. "
The related paper will be presented at IEEE S & P in San Francisco this May. Professor Yongdae Kim's lab continues to collaborate with telecommunication companies and manufacturers to improve these vulnerabilities.
More information on this paper can be found at http://ltefuzz.syssec.kr and this result has been reported by domestic media as follows.