KAIST Researchers Uncover Critical Security Flaws in Global Mobile Networks

Breakthrough Discovery Reveals How Attackers Can Remotely Manipulate User Data Without Physical Proximity

DAEJEON, South Korea — In an era when recent cyberattacks on major telecommunications providers have highlighted the fragility of mobile security, researchers at the Korea Advanced Institute of Science and Technology have identified a class of previously unknown vulnerabilities that could allow remote attackers to compromise cellular networks serving billions of users worldwide.

The research team, led by Professor Yongdae Kim of KAIST's School of Electrical Engineering, discovered that unauthorized attackers could remotely manipulate internal user information in LTE core networks — the central infrastructure that manages authentication, internet connectivity, and data transmission for mobile devices and IoT equipment.

The findings, presented at the 32nd ACM Conference on Computer and Communications Security in Taipei, Taiwan, earned the team a Distinguished Paper Award, one of only 30 such honors selected from approximately 2,400 submissions to one of the field's most prestigious venues.

A New Class of Vulnerability

The vulnerability class, which the researchers termed "Context Integrity Violation" (CIV), represents a fundamental breach of a basic security principle: unauthenticated messages should not alter internal system states. While previous security research has primarily focused on "downlink" attacks — where networks compromise devices — this study examined the less-scrutinized "uplink" security, where devices can attack core networks.

"The problem stems from gaps in the 3GPP standards," Professor Kim explained, referring to the international body that establishes operational rules for mobile networks. "While the standards prohibit processing messages that fail authentication, they lack clear guidance on handling messages that bypass authentication procedures entirely."

The team developed CITesting, the world's first systematic tool for detecting these vulnerabilities, capable of examining between 2,802 and 4,626 test cases — a vast expansion from the 31 cases covered by the only previous comparable research tool, LTEFuzz.
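
The principle described above, that a message which skipped authentication must not alter stored state, can be shown with a toy model. This is an added example, not code from the paper or from CITesting; the message fields, handler names and subscriber context are hypothetical simplifications, and the sample messages are constructed.

```python
# Toy model of a core-network subscriber context (added example; all names hypothetical).
import copy
from dataclasses import dataclass

@dataclass
class Msg:
    subscriber: str
    fields: dict             # state the message asks the core to record
    protected: bool          # does the message carry an integrity tag at all?
    mac_valid: bool = False  # did the tag verify against the subscriber's keys?

def handle_permissive(store, msg):
    """Drops messages that FAIL authentication, but processes ones that skip it."""
    if msg.protected and not msg.mac_valid:
        return "dropped"
    store.setdefault(msg.subscriber, {}).update(msg.fields)
    return "applied"

def handle_strict(store, msg):
    """Only an authenticated message may change an existing context."""
    if msg.protected and not msg.mac_valid:
        return "dropped"
    if not msg.protected and msg.subscriber in store:
        return "reauth-required"  # respond, but leave stored state untouched
    store.setdefault(msg.subscriber, {}).update(msg.fields)
    return "applied"

def context_changed(handler, msg):
    """Check: did an existing context differ after the handler ran?"""
    store = {"sub-A": {"state": "registered", "session": 7}}  # constructed sample
    before = copy.deepcopy(store)
    verdict = handler(store, msg)
    return verdict, store != before

# Constructed sample messages, all asking for the same state change.
BAD_MAC = Msg("sub-A", {"state": "deregistered"}, protected=True, mac_valid=False)
NO_MAC = Msg("sub-A", {"state": "deregistered"}, protected=False)
GOOD = Msg("sub-A", {"state": "deregistered"}, protected=True, mac_valid=True)

if __name__ == "__main__":
    for name, h in (("permissive", handle_permissive), ("strict", handle_strict)):
        for label, m in (("bad-mac", BAD_MAC), ("no-mac", NO_MAC), ("good", GOOD)):
            print(name, label, context_changed(h, m))
```

The permissive handler satisfies a rule that only forbids processing messages that fail authentication, yet the unprotected message still rewrites the stored context; the strict handler leaves the context untouched until the sender authenticates.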

Widespread Impact Confirmed

Testing four major LTE core network implementations — both open-source and commercial systems — revealed that all contained CIV vulnerabilities. The results showed:

  • Open5GS: 2,354 detections, 29 unique vulnerabilities
  • srsRAN: 2,604 detections, 22 unique vulnerabilities
  • Amarisoft: 672 detections, 16 unique vulnerabilities
  • Nokia: 2,523 detections, 59 unique vulnerabilities

The research team demonstrated three critical attack scenarios: denial of service by corrupting network information to block reconnection; IMSI exposure by forcing devices to retransmit user identification numbers in plaintext; and location tracking by capturing signals during reconnection attempts.

Unlike traditional attacks requiring fake base stations or signal interference near victims, these attacks work remotely through legitimate base stations, affecting anyone within the same MME (Mobility Management Entity) coverage area as the attacker — potentially spanning entire metropolitan regions.

Industry Response and Future Implications

Following responsible disclosure protocols, the research team notified affected vendors. Amarisoft deployed patches, and Open5GS integrated the team's fixes into its official repository. Nokia, however, stated it would not issue patches, asserting compliance with 3GPP standards and declining to comment on whether telecommunications companies currently use the affected equipment.

"Uplink security has been relatively neglected due to testing difficulties, implementation diversity, and regulatory constraints," Professor Kim noted. "Context integrity violations can pose serious security risks."

The research team, which included KAIST doctoral students Mincheol Son and Kwangmin Kim as co-first authors, along with Beomseok Oh and Professor CheolJun Park of Kyung Hee University, plans to extend their validation to 5G and private 5G environments. The tools could prove particularly critical for industrial and infrastructure networks, where breaches could have consequences ranging from communication disruption to exposure of sensitive military or corporate data.

The research was supported by the Ministry of Science and ICT through the Institute for Information & Communications Technology Planning & Evaluation, as part of a project developing security technologies for 5G private networks.

With mobile networks forming the backbone of modern digital infrastructure, the discovery underscores the ongoing challenge of securing systems designed in an era when such sophisticated attacks were barely conceivable — and the urgent need for updated standards to address them.

Regions: Asia, Taiwan, South Korea
Keywords: Applied science, Computing, Engineering, Technology