TY - GEN
T1 - Uncovering insecure designs of cellular emergency services (911)
AU - Hu, Yiwen
AU - Chen, Min Yue
AU - Tu, Guan Hua
AU - Li, Chi Yu
AU - Wang, Sihan
AU - Shi, Jingwen
AU - Xie, Tian
AU - Xiao, Li
AU - Peng, Chunyi
AU - Tan, Zhaowei
AU - Lu, Songwu
N1 - Publisher Copyright:
© 2022 ACM.
PY - 2022/10/14
Y1 - 2022/10/14
N2 - Cellular networks that offer ubiquitous connectivity have been the major medium for delivering emergency services. In the U.S., mobile users can dial an emergency call with 911 for emergency uses in cellular networks, and the call can be forwarded to public safety answer points (PSAPs), which deal with emergency service requests. According to regulatory authority requirements for the cellular emergency services, anonymous user equipment (UE), which does not have a SIM (Subscriber Identity Module) card or a valid mobile subscription, is allowed to access them. Such support of emergency services for anonymous UEs requires different operations from conventional cellular services, and can therefore increase the attack surface of the cellular infrastructure. In this work, we are thus motivated to study the insecurity of the cellular emergency services and then discover four security vulnerabilities from them. Threateningly, they can be exploited to launch not only free data service attacks against cellular carriers, but also data DoS/overcharge and denial of cellular emergency service (DoCES) attacks against mobile users. All vulnerabilities and attacks have been validated experimentally as practical security issues in the networks of three major U.S. carriers. We finally propose and prototype standard-compliant remedies to mitigate the vulnerabilities.
AB - Cellular networks that offer ubiquitous connectivity have been the major medium for delivering emergency services. In the U.S., mobile users can dial an emergency call with 911 for emergency uses in cellular networks, and the call can be forwarded to public safety answer points (PSAPs), which deal with emergency service requests. According to regulatory authority requirements for the cellular emergency services, anonymous user equipment (UE), which does not have a SIM (Subscriber Identity Module) card or a valid mobile subscription, is allowed to access them. Such support of emergency services for anonymous UEs requires different operations from conventional cellular services, and can therefore increase the attack surface of the cellular infrastructure. In this work, we are thus motivated to study the insecurity of the cellular emergency services and then discover four security vulnerabilities from them. Threateningly, they can be exploited to launch not only free data service attacks against cellular carriers, but also data DoS/overcharge and denial of cellular emergency service (DoCES) attacks against mobile users. All vulnerabilities and attacks have been validated experimentally as practical security issues in the networks of three major U.S. carriers. We finally propose and prototype standard-compliant remedies to mitigate the vulnerabilities.
KW - 911 (9-1-1)
KW - cellular networks
KW - emergency services
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85140880477&partnerID=8YFLogxK
U2 - 10.1145/3495243.3560534
DO - 10.1145/3495243.3560534
M3 - Conference contribution
AN - SCOPUS:85140880477
T3 - Proceedings of the Annual International Conference on Mobile Computing and Networking, MOBICOM
SP - 703
EP - 715
BT - ACM MobiCom 2022 - Proceedings of the 2022 28th Annual International Conference on Mobile Computing and Networking
PB - Association for Computing Machinery
T2 - 28th ACM Annual International Conference on Mobile Computing and Networking, MobiCom 2022
Y2 - 17 October 2202 through 21 October 2202
ER -