According to a critical document filed with the National Telecommunications and Information Administration, you can take down any LTE network with a simple $650 piece of gear.
Every cellphone grid is vulnerable to this technique, including FirstNet, the emergency communications network designed after 9/11. According to the authors, "it's relatively easy to do" for anyone. In fact, if a terrorist group spent just a bit more on a cheap, readily available power amplifier, it could take down a region as large as New York State.
The paper, by Jeff Reed—director of the wireless research group at Virginia Tech—and research assistant Marc Lichtman, says that it would be hard to defend against such an attack. The problem, they say, stems from structural vulnerabilities intrinsic to the LTE architecture.
According to Lichtman, there are eight distinct ways to take down an LTE network, all easily exploited by anyone with basic communications engineering skills:
"Your phone is constantly syncing with the base station. If you can disrupt that synchronization, you will not be able to send or receive data. There are multiple weak spots: about eight different attacks are possible. The LTE signal is very complex, made up of many subsystems, and in each case, if you take out one subsystem, you take out the entire base station. Any communications engineer would be able to figure this stuff out."
The NTIA and the big telecommunication providers haven't reacted to the paper yet. The good news is that the existing 3G and 2G grids would still work in such a scenario. However, as we are increasingly dependent on higher data rates and migrating to faster and better networks, such structural problems are worrying. Extremely worrying, in fact: by 2017, half of the world's population will run on LTE, and new devices—some of them critical, in the medical and transportation industries—will be based solely on this standard.
The worst part: LTE has been proposed for the new communication system for emergency response. Called FirstNet, it was designed after the many communications problems experienced by first response teams during 9/11. Just imagine the picture: terrorists first attacking a major target and then jamming the communication network used by the emergency forces trying to help. According to Reed, this is specifically what can happen.
And there doesn't seem to be a fix right now. This is a systems architecture problem, according to Reed, one that would take a massive rethinking to prevent:
"LTE does a good job of [encrypting the communications]. But unconventional security aspects, such as preventing signal jamming, have been largely overlooked."