Home > CAPEC List > CAPEC-618: Cellular Broadcast Message Request (Version 2.10)  

CAPEC-618: Cellular Broadcast Message Request

 
Cellular Broadcast Message Request
Definition in a New Window Definition in a New Window
Attack Pattern ID: 618
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

In this attack scenario, the attacker uses knowledge of the target’s mobile phone number (i.e., the number associated with the SIM used in the retransmission device) to cause the cellular network to send broadcast messages to alert the mobile device. Since the network knows which cell tower the target’s mobile device is attached to, the broadcast messages are only sent in the Location Area Code (LAC) where the target is currently located. By triggering the cellular broadcast message and then listening for the presence of absence of that message, an attacker could verify that the target is in (or not in) a given location.

+ Attack Prerequisites
  • The attacker must have knowledge of the target’s mobile phone number.

+ Typical Severity

Low

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

Open source and commercial tools are available for this attack.

+ Solutions and Mitigations

Frequent changing of mobile number.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Other
An attacker could verify that the target is in (or not in) a given location.
+ Technical Context
Architectural Paradigms
Mobile
+ References
[R.618.1] Denis Foo Kune, John Koelndorfer, Nicholas Hopper and Yongdae Kim. "Location Leaks on the GSM Air Interface". University of Minnesota. <http://www-users.cs.umn.edu/~foo/research/docs/fookune_ndss_gsm.pdf>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017