A Denial of Service Attack to GSM Networks via Attach Procedure

  • Nicola Gobbo
  • Alessio Merlo
  • Mauro Migliardi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8128)


Mobile Network Operators (MNOs) keep a strict control over users accessing the networks by means of the Subscriber Identity Module (SIM). This module grants the user access to the network, by performing the registration and authentication of the user’s device. Without a valid Subscribe IdentityModule (SIM) module and a successful authentication, mobile devices are not granted access and, hence, they are not allowed to inject any traffic in the mobile infrastructure. Nevertheless, in this paper we describe an attack to the security of a mobile network allowing an unauthenticated malicious mobile device to inject traffic in the mobile operator’s infrastructure. We show that even with devices without any SIM module it is possible to inject high levels of signaling traffic in the mobile infrastructure, causing significant service degradation up to a full-fledged Denial of Service (DoS) attack.


Mobile Security GSM cellular networks security DoS attack 


  1. 1.
    3GPP: TS 23.401 — General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access,
  2. 2.
    3GPP: TS 25.214 — Physical layer procedures (FDD),
  3. 3.
    3GPP: TS 27.007 — AT command set for User Equipment (UE),
  4. 4.
    3GPP: TS 44.006 — Mobile Station - Base Stations System (MS - BSS) interface Data Link (DL) layer specification,
  5. 5.
    Armando, A., Merlo, A., Migliardi, M., Verderame, L.: Would you mind forking this process? A Denial of Service attack on Android (and some countermeasures). In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IFIP AICT, vol. 376, pp. 13–24. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  6. 6.
    Armando, A., Merlo, A., Migliardi, M., Verderame, L.: Breaking and fixing the Android Launching Flow. Computers & Security (2013),
  7. 7.
    Castiglione, A., Cattaneo, G., Cembalo, M., De Santis, A., Faruolo, P., Petagna, F., Ferraro Petrillo, U.: Engineering a secure mobile messaging framework. Computers & Security 31(6), 771–781 (2012)CrossRefGoogle Scholar
  8. 8.
    Castiglione, A., Cattaneo, G., De Maio, G., Petagna, F.: SECR3T: Secure End-to-End Communication over 3G Telecommunication Networks. In: 2011 Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), pp. 520–526 (2011)Google Scholar
  9. 9.
    Castiglione, A., Cattaneo, G., De Santis, A., Petagna, F., Ferraro Petrillo, U.: SPEECH: Secure Personal End-to-End Communication with Handheld. In: ISSE 2006, Securing Electronic Busines Processes, pp. 287–297. Vieweg (2006),
  10. 10.
    Castiglione, A., De Prisco, R., De Santis, A.: Do You Trust Your Phone? In: Di Noia, T., Buccafurri, F. (eds.) EC-Web 2009. LNCS, vol. 5692, pp. 50–61. Springer, Heidelberg (2009), CrossRefGoogle Scholar
  11. 11.
    Castiglione, A., De Prisco, R., De Santis, A., Fiore, U., Palmieri, F.: A botnet-based command and control approach relying on swarm intelligence. Journal of Network and Computer Applications (2013),
  12. 12.
    De Santis, A., Castiglione, A., Cattaneo, G., Cembalo, M., Petagna, F., Ferraro Petrillo, U.: An Extensible Framework for Efficient Secure SMS. In: 2010 International Conference on Complex, Intelligent and Software Intensive Systems, pp. 843–850 (2010)Google Scholar
  13. 13.
    Derr, K.: Nightmares with mobile devices are just around the corner? In: IEEE International Conference on Portable Information Devices, PORTABLE 2007, pp. 1–5 (2007)Google Scholar
  14. 14.
    Doukas, C., Pliakas, T., Maglogiannis, I.: Mobile healthcare information management utilizing cloud computing and android os. In: 2010 Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC), pp. 1037–1040. IEEE (2010)Google Scholar
  15. 15.
    Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 3–14. ACM (2011)Google Scholar
  16. 16.
    Fleizach, C., Liljenstam, M., Johansson, P., Voelker, G.M., Mehes, A.: Can you infect me now?: malware propagation in mobile phone networks. In: Proceedings of the 2007 ACM Workshop on Recurring Malcode, pp. 61–68. ACM (2007)Google Scholar
  17. 17.
    Gobbo, N., Merlo, A., Migliardi, M.: Attacking the attach procedure in cellular networks. Journal of Ambient Intelligence and Humanized Computing (2014)Google Scholar
  18. 18.
    Guo, C., Wang, H.J., Zhu, W.: Smart-phone attacks and defenses. In: HotNets III (2004)Google Scholar
  19. 19.
    Heine, G., Horrer, M.: GSM networks: protocols, terminology, and implementation. Artech House, Inc. (1999)Google Scholar
  20. 20.
    Kambourakis, G., Kolias, C., Gritzalis, S., Hyuk-Park, J.: Signaling-oriented DoS attacks in UMTS networks. In: Park, J.H., Chen, H.-H., Atiquzzaman, M., Lee, C., Kim, T.-H., Yeo, S.-S. (eds.) ISA 2009. LNCS, vol. 5576, pp. 280–289. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  21. 21.
    Khan, M., Ahmed, A., Cheema, A.R.: Vulnerabilities of umts access domain security architecture. In: Ninth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing, SNPD 2008, pp. 350–355. IEEE (2008)Google Scholar
  22. 22.
    Kuntagod, N., Mukherjee, C.: Mobile decision support system for outreach health worker. In: 2011 13th IEEE International Conference on e-Health Networking Applications and Services (Healthcom), pp. 56–59. IEEE (2011)Google Scholar
  23. 23.
    Migliardi, M., Gaudina, M.: Memory Support through Pervasive and Mobile Systems. In: Inter-Cooperative Collective Intelligence: Techniques and Applications. SCI. Springer (2013)Google Scholar
  24. 24.
    Mulliner, C., Seifert, J.P.: Rise of the iBots: Owning a telco network. In: 2010 5th International Conference on Malicious and Unwanted Software (MALWARE), pp. 71–80. IEEE (2010)Google Scholar
  25. 25.
    Tacconi, C., Mellone, S., Chiari, L.: Smartphone-based applications for investigating falls and mobility. In: 2011 5th International Conference on Pervasive Computing Technologies for Healthcare (PervasiveHealth), pp. 258–261. IEEE (2011)Google Scholar
  26. 26.
    Traynor, P., Enck, W., McDaniel, P., La Porta, T.: Mitigating attacks on open functionality in sms-capable cellular networks. In: Proceedings of the 12th Annual International Conference on Mobile Computing and Networking, pp. 182–193. ACM (2006)Google Scholar
  27. 27.
    Traynor, P., Lin, M., Ongtang, M., Rao, V., Jaeger, T., McDaniel, P., La Porta, T.: On cellular botnets: measuring the impact of malicious devices on a cellular network core. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 223–234. ACM (2009)Google Scholar
  28. 28.
    Traynor, P., McDaniel, P., La Porta, T., et al.: On attack causality in internet-connected cellular networks. In: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp. 1–16. USENIX Association (2007)Google Scholar
  29. 29.
    U.S. Department of Defense: Security Technical implementation Guide,
  30. 30.
    Wang, M.Y., Zao, J.K., Tsai, P., Liu, J.: Wedjat: a mobile phone based medicine in-take reminder and monitor. In: Ninth IEEE International Conference on Bioinformatics and BioEngineering, BIBE 2009, pp. 423–430. IEEE (2009)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Nicola Gobbo
    • 1
  • Alessio Merlo
    • 2
  • Mauro Migliardi
    • 1
  1. 1.Università degli Studi di PadovaItaly
  2. 2.Università degli Studi E-CampusItaly

Personalised recommendations