Professor Kim Yong-dae of KAIST’s Department of Electrical and Electronic Engineering
Even without authentication by the LTE core network
Non-compliance by equipment manufacturers such as Nokia
A new hacking method that can remotely paralyze other people’s mobile phones by exploiting a loophole in communication equipment has been revealed. The attacker is also difficult to track, because the attack is sent through a normal base station network. Critics point out that the cause of the vulnerability is the failure of some telecommunication equipment manufacturers, such as Nokia, to comply with the relevant standards.
A team led by Kim Yong-dae, a professor of electrical and electronic engineering at KAIST, announced on the 2nd that it has discovered a security vulnerability in the LTE core network that allows an unauthenticated attacker to remotely manipulate other users’ internal state information.
The LTE core network is a large network in which terminals (mobile phones) connect through base stations. To use the service, users normally must be authenticated before attaching through a base station. That is why a USIM card is needed to make a call.
However, emergency calls can be made without going through a separate authentication process. Even without a USIM card in the phone, emergency calls to the police or the fire service can still be placed.
The newly disclosed method exploits a path that, like emergency calls, does not go through the authentication procedure. An attacker uses someone else’s identifier and connects to the network without authenticating. Since no authentication takes place, the network cannot tell whether the identifier belongs to the actual subscriber.
The network then sees two users with the same identifier and automatically disconnects the existing user’s connection. The victim’s phone simply stops working one day, with no indication of why.
Recently, various mobile communication hacking incidents, such as the SK Telecom hacking incident and the KT small-payment incident, have continued to occur, but most of them attacked base station authentication. Most security research has likewise focused on attacks from the base station side against terminals.
This attack, by contrast, is one in which the terminal attacks the network. Because it bypasses authentication itself, it is difficult to trace after the damage has occurred. In addition, existing attacks required the attacker to be physically near the victim, whereas here physical distance does not matter, because the fabricated message is sent through a normal base station.
The cause is that network equipment manufacturers have neglected the relevant standards. 3GPP, the international standards body for mobile phone and wireless networks, stipulates that “unauthenticated messages should not change the state of the internal system.” Under this rule, a terminal that attaches without authentication should have no other effect on the network.
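As an added illustration (not code from the KAIST study or from any equipment vendor), the following Python toy model contrasts the behaviour described above with the 3GPP rule just quoted: a registry that lets an unauthenticated attach displace an existing context for the same identifier, beside one that keeps unauthenticated attaches from touching authenticated state and logs the collision for later investigation. The identity strings and message fields are constructed assumptions, not 3GPP encodings.

```python
# Toy model of an LTE core's subscriber-context registry, added to illustrate the two
# policies described above; not KAIST's or any vendor's code, and the message fields
# are simplified assumptions rather than 3GPP encodings.
from dataclasses import dataclass, field

@dataclass
class Context:
    identity: str
    authenticated: bool      # False for a context granted via the unauthenticated path

@dataclass
class CoreRegistry:
    strict: bool             # True: unauthenticated messages must not change existing state
    contexts: dict = field(default_factory=dict)   # key -> Context
    detached: list = field(default_factory=list)   # identities whose session was torn down
    alerts: list = field(default_factory=list)     # audit events worth forwarding to a SOC

    def attach(self, identity: str, authenticated: bool) -> str:
        existing = self.contexts.get(identity)
        if authenticated:
            # Proven ownership: re-registration may replace the previous context.
            self.contexts[identity] = Context(identity, True)
            return "attached-authenticated"
        if not self.strict:
            # Lenient policy: an identity collision replaces the old context no matter who
            # is asking, so an unauthenticated request detaches the real subscriber.
            if existing is not None:
                self.detached.append(identity)
            self.contexts[identity] = Context(identity, False)
            return "attached-emergency-replaced" if existing else "attached-emergency"
        # Strict policy: grant an emergency-only context under a separate key so the
        # authenticated subscriber's state is untouched, and record the collision.
        if existing is not None and existing.authenticated:
            self.alerts.append(f"unauthenticated attach for active identity {identity}")
        self.contexts[("emergency", identity)] = Context(identity, False)
        return "attached-emergency-isolated"

    def is_serving(self, identity: str) -> bool:
        ctx = self.contexts.get(identity)
        return ctx is not None and ctx.authenticated

def scenario(strict: bool) -> dict:
    """Victim attaches normally, then an unauthenticated attach reuses the same identity."""
    core = CoreRegistry(strict=strict)
    core.attach("IMSI-001-VICTIM", authenticated=True)   # constructed sample identity
    result = core.attach("IMSI-001-VICTIM", authenticated=False)
    return {"result": result, "victim_served": core.is_serving("IMSI-001-VICTIM"),
            "detached": list(core.detached), "alerts": list(core.alerts)}
```

Running `scenario(False)` shows the victim's authenticated context gone and its identity in `detached`; `scenario(True)` leaves the victim served and raises a single audit alert.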
In network equipment, Nokia, Ericsson, Samsung, and Huawei dominate the global market. This study verified Nokia equipment and found the problem there. Professor Kim plans to continue verification of the other three companies’ equipment.
The researchers disclosed the vulnerability, but Nokia said, “We are complying with the 3GPP standard and do not see this as a vulnerability, so we have no patch plan.”