Slashdot Mirror

← Back to Stories (view on slashdot.org)

Battery-Powered Transmitter Could Crash A City's 4G Network

Posted by Soulskill on from the new-york-must-have-a-lot-of-these dept.

DavidGilbert99 writes "With a £400 transmitter, a laptop and a little knowledge you could bring down an entire city's high-speed 4G network. This information comes from research carried out in the U.S. into the possibility of using LTE networks as the basis for a next-generation emergency response communications system. Jeff Reed, director of the wireless research group at Virginia Tech, along with research assistant Marc Lichtman, described the vulnerabilities to the National Telecommunications and Information Administration, which advises the White House on telecom and information policy. 'If LTE technology is to be used for the air interface of the public safety network, then we should consider the types of jamming attacks that could occur five or ten years from now (PDF). It is very possible for radio jamming to accompany a terrorist attack, for the purpose of preventing communications and increasing destruction,' Reed said."

22 of 121 comments (clear)

  1. This already exists in the wild by Anonymous Coward · · Score: 5, Funny

    AT+T has apparently been using this for months, in almost every major city

    1. Re:This already exists in the wild by game+kid · · Score: 4, Funny

      Thank you for your concern. At at&t(R), our commitment(tm) to rebuilding the nation's largest 4G network this year with your input has not wavered. However, our cozy government relationship requires us to install multiple backdoors, electronic and otherwise, and our Security budget was beginning to cut into our Invite Government Representatives Into Boardroom For Lobbying And Slash Or Trophywife Swapping budget.

      As such, we have decided to retain the mandatory backdoors but leave them open to these minor vulnerabilities. The occasional permanent loss of an antenna, your Facebook account's integrity, or that one guy in Customer Service who decides to blow a whistle on us does not preclude your required payment of the 2012 Nation's Largest 4G Network Improvements Fee, or the upcoming 2013 Nation's Largest 4G Network Improvements Fee (which we hereby announce in this sentence, as double the 2012 version in all cases), even though both would be entirely too small to buy such high-value targets and high-class lays in such high volume.

      Thank you again for choosing at&t(R), now with the nation's tallest paperweights. Like us on Facebook, follow us on Twitter, or let us track you to your house through any other method imaginable.

      --
      You can hold down the "B" button for continuous firing.
  2. Invasion! by jdkc4d · · Score: 2, Funny

    A communications disruption can only mean one thing...

    1. Re:Invasion! by wonkey_monkey · · Score: 3, Funny

      There's another shitty movie on the way and Disney don't want word of mouth spreading?

      --
      systemd is Roko's Basilisk.
  3. What's the point? by rabtech · · Score: 5, Informative

    What's the point here? You can do the same thing with all the proprietary public safety network gear various vendors are peddling - they are mostly hilariously insecure. Or if you have a portable generator, just flood the public safety band with interference. It accomplishes the same thing.

    The article claims older 3G and 2G networks would still work if LTE were jammed but that's completely false. There are a ton of ways to jam those by using fake femtocell pilot signals or otherwise interfering with synchronization signals.

    In fact the MIMO technology of LTE could make it slightly harder to jam if the base stations are properly filtering stray signals. Use car-mounted MIMO for the user-side and you would get something way better than any of the existing systems at resisting interference.

    --
    Natural != (nontoxic || beneficial)
  4. Ham Radio Baby!!! by bobthesungeek76036 · · Score: 2

    Got several amateur radios in my truck so no cell towers needed.

    --
    Karma: Bad
    1. Re:Ham Radio Baby!!! by ATestR · · Score: 3, Informative

      More than two! Latest estimates that I've heard are that there are 600,000+ Hams in the US.

      --
      âoeAny society that would give up a little liberty to gain a little security will deserve neither and lose both.
    2. Re:Ham Radio Baby!!! by dnahelicase · · Score: 3, Interesting

      More than two! Latest estimates that I've heard are that there are 600,000+ Hams in the US.

      If you follow the news during any one of the big disasters in the past few years, it seems that Hams are the only ones that consistently are organized, prepared, and react immediately.

  5. Re:Police Box by TubeSteak · · Score: 3, Insightful

    Hardlined police boxes with a wireless AP would make for a vastly more robust network than using the commercial LTE towers.
    Sometimes the old ways are best.

    --
    [Fuck Beta]
    o0t!
  6. Re:For how long though? by magic+maverick+ · · Score: 5, Interesting

    Hope in a taxi or bus, drive around, turn off transmitter, walk some way, hope on another bus, turn it on again, turn it off again. Basically keep moving, make the movement sufficiently random, any you won't get caught. OK, a car battery is a bit heavy, but it's not that heavy that you can't carry it around on your lap.

    Regarding the "oh noz terrorists", not everything has to be linked to terrorists, isn't it more likely that in the event of a "terrorist" attack, the system would be brought down by people just trying to call the emergency number or friends and family? And anyway, haven't I read about various authorities around the world wanting a switch to turn off the phone networks in the event of a terrorist attack?

    So when the "terrorists" do it, it's bad, but when the authorities do it, it's just fine...

    --
    HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
  7. Re:Police Box by Jason+Levine · · Score: 3, Funny

    But would those police boxes be bigger on the inside?

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  8. Mod parent up. by khasim · · Score: 3, Insightful

    I don't know what the line:

    With a £400 transmitter, a laptop and a little knowledge you could bring down an entire city's high-speed 4G network.

    came from but it is 100% false (unless you are talking about a very, very small "city".

    This "attack" is just broadcasting noise and messing with communication protocols. So the range is limited to the coverage area of the transmitter. Including dead zones where there is too much concrete and steel for the transmitter to get through.

    So you should see the same pattern for blocking as you do for regular access. With a similar requirement for blocking as for coverage.

  9. Re:Improperly tuned repeaters by AwesomeMcgee · · Score: 2

    Vodafone politely asked them to turn that shit off.

    ...which wasn't hard to do because all vodafone had to do was call anyone in that town and it rang straight to the yacht...

  10. Re:For how long though? by houghi · · Score: 4, Interesting

    If you are a terrorist, it would not matter. Even if they were all 100 found within 1 hour and deactivated, the real result would be delivered by the media. Can you imagine the headlines if such a thing would happen?

    13 guys with box cutters saw to it that we can not take a nail-clipper onto a plane. The result of their action is that laws have been created that limit everybodyâ(TM)s rights all over the world.

    The fear the media would create is so much more then what the terrerists could do themselves. Fear nothing but fear itself and that is what will be crated: fear.

    --
    Don't fight for your country, if your country does not fight for you.
  11. Communication is Always a Problem by superid · · Score: 2

    I hate to say it but 4G for an emergency network is just a money sink. I hate to have a defeatist attitude but at least in my small new england town this would be a complete waste of time and money and effort. We have no unified dispatch system. All land line 911 calls go to police. If you want Fire or Ambulance it's transferred to the Fire department, who then transfers medical calls to the ambulance. If you call from a cell phone it goes to the state police regional office first, then to the local state police barracks, then to town police, etc. Police and fire are on separate frequencies. ICS is a joke and never implemented. EMA is run with all donated equipment and goodwill of Ham operators. Better than nothing? certainly but not by much. I put an IP camera onto their EMA vehicle, punched a hole in their firewall and the chiefs were able to view the scene and control the camera from the EOC. It took me 10 minutes but it was like the natives seeing an airplane. The average Police/fire/EMA chief is 50+ years old and typically holds a grease pencil, not an iPad.

    Example, there was a mill fire in the neighboring city. Multiple towns responded. No ICS, no communication plan, everyone on one channel walking all over each other. There is no way any of these communities could implement, monitor or effectively use a 4G solution.

  12. Re:rooted phones illegal in 5..4.. by WaffleMonster · · Score: 2

    Because rather then fix the problem in the system its self, they will just ban the 'small radio transmitter' that is under your control.

    A rooted phone does not translate into access to the baseband processor. :(

  13. Re:Smoke Signals by anubi · · Score: 2

    Ham Radio. 6146. Morse code.

    Not far behind 'ya!

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

  14. Re:Yes, but think of the Lulz! by Beardo+the+Bearded · · Score: 3, Informative

    Interestingly, I found and reported a similar vulnerability in the P25 radio system about six years ago.

    Nothing's happened. You can jam all the first responder radios in a city with a very small amount of hardware and a copy of the protocol.

    --

    ---
    ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  15. Re:For how long though? by adolf · · Score: 2

    There are special issue government sim cards and phone numbers that get top priority and skip the cell queue. So even if the tower is "jammed" by people calling, those phones get priority and still get through. So important communication still happens.

    Likewise, for emergency calls from consumer phones: Dialing 911 (or the local equivalent) skips all queues, and will forcibly drop other (non-emergency) calls if it must.

    But by jamming the tower, none of that works.

    Indeed. And it has been that case for as long as radio has been radio, and will continue to be that way forever. *yawn*

    --
    Kid-proof tablet..
  16. Re:This is such patent bullshit... by clonehappy · · Score: 2

    I don't doubt that they are planning to use LTE for public safety, I just question why they would *want* to use LTE for public safety. It's super-fast, but that's where the benefits end from what I've seen. It seems to have mediocre propagation characteristics even at low frequencies, every LTE device I've ever seen will intermittently drop the connection then take a few minutes to restart it, and does indeed seem to have issues with interference in addition to questionable performance in situations with poor signal strength.

    Any public safety network (in addition to using not-ready-for-primetime air interfaces such as LTE) should have some kind of analog or failsafe digital fallback mode that uses more robust, rudimentary protocols to fend off attacks such as these, be they intentional or accidental. At any rate, this really should be a non-issue as the number of base stations needed to provide wall to wall LTE service in a city will mitigate this specific attack pretty well.

  17. Re:For how long though? by Agripa · · Score: 2

    The base station antennas do not have perfect rejection outside of their main lobe so given proximity or reflections, a single transmitting antenna will be able to hit all of them simultaneously.

    Given the type of attack discussed, it may not even be necessary if a resource in common too all of the base station's transceivers can be depleted by accessing only one antenna sector.

  18. Re:For how long though? by Agripa · · Score: 2

    Once these guys get the attention of the network operator, they'll be found quickly.

    I am not so sure about that. I have a lot of experience in ham radio foxhunting from both the hunting and hiding aspect. For all but the most difficult hunts, the hider has specific limitations which must be followed in aspects like location and timing. Even with those restrictions, on several occasions I and others were able to hide transmitters which, while readily receivable, were all but impossible to find by the varsity of the Southern California foxhunters.