Project

General

Profile

Actions

Bug #1478

open

IMSI DETACH DoS

Added by admin about 8 years ago. Updated over 4 years ago.

Status:
New
Priority:
High
Assignee:
-
Category:
Um (MS-BTS) interface
Target version:
-
Start date:
Due date:
% Done:

0%

Resolution:
Spec Reference:

Description

In GSM networks that use the IMSI ATTACH/DETACH procedure, the IMSI DETACH message is not authenticated.

A malicious attacker knowing the IMSI or TMSI of a victim can thus send hand-crafted IMSI DETACH messages to a cell, causing the network to assume the MS is no longer present in the network.

This will effectively prevent the delivery of all mobile-terminated (MT) services, such as SMS, voice calls, CSD, ...

This flaw was first discovered in May 2010 by Sylvain Munaut.

Actions #1

Updated by admin over 13 years ago

  • Status changed from New to In Progress
Actions #2

Updated by steve-m over 12 years ago

This issue has also been covered at the "GSM and 3G Security"-talk at Blackhat Asia in April 2001.

See page 9 of the slides of the talk, "De-registration spoofing":
http://www.blackhat.com/presentations/bh-asia-01/gadiax.ppt

Actions #3

Updated by laforge about 8 years ago

  • Assignee deleted (laforge)
Actions #4

Updated by Sweely over 4 years ago

Actions

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)