In this presentation, one vulnerability in CSFB (Circuit Switched Fallback) in 4G LTE network is introduced. In the CSFB procedure, we found the authentication step is missing. The result is that an attacker can hijack the victim’s communication. We named this attack as ‘Ghost Telephonist.’ Several exploitations can be made based on this vulnerability. When the call or SMS is not encrypted, or weakly encrypted, the attacker can get the content of the victim’s call and SMS.
By Haoqi Shan & Jun Li & Yuwei Zheng & Lin Huang & Qing Yang
Full Abstract & Presentation Materials: https://www.blackhat.com/us-17/briefings.html#ghost-telephonist-link-hijack-exploitations-in-4g-lte-cs-fallback