HackCellular: All-In-One Demo of Real Attacks in Cellular Networks

MSSN Lab,

HackCellular is an all-in-one demo tool which integrates our recent findings on security and reliability in real cellular networks. It allows users to replay identified problems from our prior work and ongoing NSF projects on their own phones.

Seeing is believing. With this do-it-yourself tool, we hope to help researcher/developer in cellular network security, graduate students, undergraduate students, and K-12 students who are interested in network security to explore real-world threats that are happening or might happen in our daily life. For example, through this demo tool, users can find that

(1) Your phone will be charged for data that you have never received. This is exactly the TTL attack which incurs overcharges to mobile users. This has been disclosed in our CCS'14 work.
(2) Your phone might lose 4G LTE connectivity (see the status icon on the top) for a pretty long time (configurable). This happens when some phone calls (CSFB) are ongoing covertly. This attack has been disclosed in CNS'15 and Mobicom'13.
(3) Your phone might ping-pong between 3G and 4G. This happens when some phone calls (CSFB) are undertook in another stealthy way. This attack has been disclosed in CNS'15.

There are more real threats. You can find more in our research project pages (e.g., Voice Security and Data Charging Security). Note that some identified threats have been already fixed due to its damages to operators and mobile users (for example, free data access. Our group uncovered three different approaches to get data for free but so far all have been fixed in US carriers.).

This tool was initially developed as a course project of CSE5469 (Fall 2015) by four talented students: Yuhui Feng, Ganga Reddy Tankasala, Jia Guo and Wei Tang. It is being built as a collaborative ?for students, by students? project where the students play real attacks through the controlled experiments on their hands and thus raise strong interests for learning and research.

Demos

This demo shows three real threats on your phones in today's cellular networks, which have been disclosed in our recent work: (1) TTL attack, where your phone will be charged for data that you never receive. (2) PingPong attack, where your phone will ping pong between 3G and 4G; (3) Back3G attack, where your phone will get stuck in 3G and can't move back to 4G. This demo was made as part of the course project of CSE5469 (Fall 2015) by four talented students: Yuhui Feng, Ganga Reddy Tankasala, Jia Guo and Wei Tang.

Release

You can download the source code of the attack server (code) and the victim phone app (code). Please read readme.txt to install it. You need to use Skype to make phone calls.

Relevant Readings

[1] New Threats to SMS-Assisted Mobile Internet Services from 4G LTE Networks,
Guan-Hua Tu, Yuanjie Li, Chunyi Peng, Chi-Yu Li, Muhammad Taqi Raza, Hsiao-Yun Tseng, Songwu Lu, arxiv, Oct 2015.

[2] Insecurity of Voice Solution VoLTE in LTE Mobile Networks
Chiyu Li, Guanhua Tu, Chunyi Peng, Zengwen Yuan, Yuanjie Li, Songwu Lu, Xinbing Wang, CCS'15 , Denver, Colorado, Oct. 2015. [PDF]

[3] How Voice Call Technology Poses Security Threats in 4G LTE Networks
Guanhua Tu, Chiyu Li, Chunyi Peng, Songwu Lu, CNS'15, Florence, Italy, Sep. 2015. [PDF]

[4] How Voice Calls Affect Data in Operational LTE Networks
Guan-Hua Tu, Chunyi Peng, Hongyi Wang, Chi-Yu Li, Songwu Lu, MobiCom'13, Miami, FL, USA, Sep. 2013. [PDF] [slide]

[5] Real Threats to Your Data Bills: Security Loopholes and Defense in Mobile Data Charging
Chunyi Peng, Chiyu Li, Hongyi Wang, Guanhua Tu, Songwu Lu, CCS'14 , Scottsdale, Arizona, Nov. 2014. [PDF] [Slide ]

Team Members

Chunyi Peng (Faculty, Purdue, work done at OSU)
Yuhui Feng (MS Student, OSU, 2015 Fall)
Ganga Reddy Tankasala (MS Student, OSU, 2015 Fall)
Jia Guo (MS Student, OSU 2015 Fall)
Wei Tang (MS Student, OSU, 2015 Fall)