Opened 9 years ago

Last modified 8 years ago

#2 accepted specification issue


Reported by: admin Owned by: laforge
Priority: major Component: Um (MS-BTS) interface
Version: Keywords: GSM, DoS
Cc: laforge


In GSM networks that use the IMSI ATTACH/DETACH procedure, the IMSI DETACH message is not authenticated.

A malicious attacker knowing the IMSI or TMSI of a victim can thus send hand-crafted IMSI DETACH messages to a cell, causing the network to assume the MS is no longer present in the network.

This will effectively prevent the delivery of all mobile-terminated (MT) services, such as SMS, voice calls, CSD, ...

This flaw was first discovered in May 2010 by Sylvain Munaut.

Change History (4)

comment:1 Changed 9 years ago by admin

  • Owner admin deleted
  • Status changed from new to assigned

comment:2 Changed 9 years ago by admin

  • Owner set to admin
  • Status changed from assigned to accepted

comment:3 Changed 9 years ago by laforge

  • Owner changed from admin to laforge

comment:4 in reply to: ↑ description Changed 8 years ago by steve-m

This issue has also been covered at the "GSM and 3G Security"-talk at Blackhat Asia in April 2001.

See page 9 of the slides of the talk, "De-registration spoofing":

Note: See TracTickets for help on using tickets.