AdaptOver : Adaptive Overshadowing of LTE signals

We introduce AdaptOver, a new LTE signal overshadowing attack that allows an adversary to reactively and adaptively overshadow any downlink message between the network and the user equipment (UE). We demonstrate the impact of AdaptOver by using it to launch targeted Denial-of-Service (DoS) attacks on UEs. We implement AdaptOver using a commercially available software-defined radio. Our experiments demonstrate that our DoS attacks cause persistent connection loss lasting more than 12 hours for a wide range of smartphones. DoS attacks based on AdaptOver are stealthier than attacks that relied on the use of fake base stations, and more persistent than existing overshadowing attacks, which caused connection loss of only up to 9 minutes. Given that AdaptOver can reactively overshadow any downlink message, its use is not limited to DoS attacks - it can be used for a wide range of other attacks, e.g., to extract the IMSI from a UE in a stealthier manner than traditional IMSI catchers. We consider AdaptOver to be an essential building block for many attacks against real-world LTE networks. In particular, any fake base station attack that makes use of spoofed downlink messages can be ported to the presented attack method, causing a much more reliable, persistent, and stealthy effect.