

Critical security vulnerabilities discovered in global mobile networks

by | Nov 6, 2025 | Health, Research

At a time when recent cyberattacks on major telecommunications providers have highlighted the vulnerability of mobile security, researchers at the Korea Advanced Institute of Science and Technology (KAIST) have identified a number of previously unknown vulnerabilities that could allow attackers to compromise mobile networks that serve billions of users worldwide.

The research team, led by Professor Yongdae Kim from the KAIST School of Electrical Engineering, discovered that unauthorized attackers can remotely manipulate internal user information on LTE core networks — the central infrastructure that manages authentication, internet connection, and data transmission for mobile devices and IoT devices.

The results, presented at the 32nd ACM Conference on Computer and Communications Security in Taipei, Taiwan, earned the team a Distinguished Paper Award, one of only 30 awards selected from around 2,400 submissions to one of the most prestigious events in the field.

A new class of vulnerabilities

The vulnerability class, which the researchers called “Context Integrity Violation” (CIV), breaks a fundamental security principle: unauthenticated messages should not alter the internal system state. While previous security research focused primarily on “downlink” attacks – where networks compromise devices – this study looked at the less-noticed “uplink” security, where devices can attack core networks.

“The problem lies in gaps in the 3GPP standards,” Professor Kim explained, referring to the international organization that sets operating rules for mobile networks. “While the standards prohibit the processing of messages that fail authentication, they lack clear guidelines for handling messages that bypass authentication procedures entirely.”

The team developed CITesting, the world’s first systematic tool for detecting these vulnerabilities, which can examine between 2,802 and 4,626 test cases – a huge increase over the 31 cases covered by the only previous comparable research tool, LTEFuzz.
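A toy model of the context-integrity check described above, added here as an illustration; it is not CITesting or any vendor's code, and the message fields, handler names and subscriber context are hypothetical. It snapshots the stored context, delivers messages that carry no valid integrity tag, and reports every case in which the context changed.

```python
import copy, hashlib, hmac

KEY = b"constructed-demo-key"  # constructed key standing in for the security context

def mac(msg):
    """Integrity tag over every field except the tag itself (toy construction)."""
    body = repr(sorted((k, v) for k, v in msg.items() if k != "mac")).encode()
    return hmac.new(KEY, body, hashlib.sha256).digest()[:4]

def new_context():
    # Hypothetical per-subscriber state the core keeps after a successful attach.
    return {"state": "REGISTERED", "security_established": True, "tracking_area": 1}

def apply(ctx, msg):
    if msg["type"] == "deregister":
        ctx["state"] = "DEREGISTERED"
    elif msg["type"] == "area_update":
        ctx["tracking_area"] = msg["area"]

def weak_handler(ctx, msg):
    # Rejects a wrong tag, but a message with no tag at all skips the check.
    tag = msg.get("mac")
    if tag is not None and not hmac.compare_digest(tag, mac(msg)):
        return "rejected"
    apply(ctx, msg)
    return "processed"

def strict_handler(ctx, msg):
    # Once a security context exists, only verified messages may change state.
    tag = msg.get("mac")
    if ctx["security_established"] and (tag is None or not hmac.compare_digest(tag, mac(msg))):
        return "rejected"
    apply(ctx, msg)
    return "processed"

def context_violations(handler, cases):
    """Names of the cases in which an unauthenticated message altered the context."""
    found = []
    for name, msg in cases:
        ctx = new_context()
        before = copy.deepcopy(ctx)
        handler(ctx, msg)
        if ctx != before:
            found.append(name)
    return found

# Constructed test cases: none of them carries a valid tag.
UNAUTHENTICATED = [
    ("plain deregister", {"type": "deregister"}),
    ("plain area update", {"type": "area_update", "area": 99}),
    ("bad-tag deregister", {"type": "deregister", "mac": b"\x00\x00\x00\x00"}),
]
```

The weak handler passes the "failed authentication" case yet still lets the two untagged messages rewrite the context, which is the gap Professor Kim describes in the standards.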

Discovered massive vulnerabilities in global mobile communications. Credits: KAIST

Testing of four major LTE core network implementations – both open-source and commercial systems – found that all contained CIV vulnerabilities. The results showed:

  • Open5GS: 2,354 detections, 29 unique vulnerabilities
  • srsRAN: 2,604 detections, 22 unique vulnerabilities
  • Amarisoft: 672 detections, 16 unique vulnerabilities
  • Nokia: 2,523 detections, 59 unique vulnerabilities

The research team demonstrated three critical attack scenarios: denial-of-service by falsifying network information to block reconnection; IMSI disclosure by forcing user identification numbers to be retransmitted in plain text; and location tracking by capturing signals during reconnection attempts.

Unlike traditional attacks that require fake base stations or signal interference near victims, these attacks operate remotely through legitimate base stations and affect everyone within the same Mobility Management Entity (MME) coverage area as the attacker – potentially across entire metropolitan areas.

Industry response and future impact

In accordance with responsible disclosure protocols, the research team informed the affected vendors. Amarisoft provided patches, and Open5GS integrated the team’s fixes into its official repository. However, Nokia said it would not issue patches, citing compliance with 3GPP standards, and declined to comment on whether telecom companies are currently using the affected devices.

“The safety of the uplink has been relatively neglected due to testing difficulties, different implementations, and regulatory limitations,” Professor Kim noted. “Violations of context integrity can pose serious security risks.”

The research team, which included KAIST PhD students Mincheol Son and Kwangmin Kim as co-first authors, and Beomseok Oh and Professor CheolJun Park from Kyung Hee University, plans to expand its validation to 5G and private 5G environments. The tools could prove particularly important for industrial and infrastructure networks, where breaches can have consequences ranging from communication disruptions to the disclosure of sensitive military or corporate data. The research was supported by the Ministry of Science and ICT through the Institute for Information and Communication Technology Planning and Evaluation as part of a project to develop security technologies for private 5G networks.


Editor: X-Press Journalistenbüro GbR
