KAIST Identifies Security Blind Spot in LTE Core Networks
Presents the Concept of "Context Integrity Violation (CIV)" for the First Time
Wins Distinguished Paper Award at ACM CCS 2025, the World’s Leading Security Conference
A security vulnerability that can remotely paralyze a communications network using only device messages sent without authentication procedures has been identified for the first time by a Korean research team.
This discovery is seen as a signal that the fundamental security architecture of next-generation communications infrastructure, including smartphones, Internet of Things (IoT) devices, and industrial private networks, must be redesigned.
The research team led by Professor Kim Yongdae of the School of Electrical Engineering at Korea Advanced Institute of Science and Technology (KAIST) announced on November 2 that they have identified a new type of security flaw in the core network of fourth-generation mobile communication technology (LTE). This flaw, called 'Context Integrity Violation (CIV),' allows unauthenticated device messages to abnormally alter the internal state of the system.
'CITesting' Identifies and Detects New Uplink Vulnerability 'Context Integrity Violation (CIV)' in LTE Core Network. Provided by Research Team
The team developed an automated detection tool called 'CITesting' for this vulnerability. Their findings were presented at the world's most prestigious security conference, the ACM CCS (Conference on Computer and Communications Security) 2025, where the paper received the Distinguished Paper Award.
Unauthenticated Messages "Shake the Internal State of the Network"
The LTE core network serves as the 'brain' of communications, handling device authentication, data transmission, and billing processes.
While previous security research has mainly focused on the 'downlink' direction, where the network attacks the device, the KAIST team instead explored the security blind spot of the 'uplink,' where devices can attack the network.
The researchers confirmed that although early versions of the international standard (3GPP) specified a rule not to process messages that fail authentication, there was no definition on how to handle messages that enter the network without any authentication procedure at all.
If exploited, attackers can change the internal state of the core network without authentication, leading to severe consequences such as denial-of-service (DoS) attacks or location tracking.
Using the CITesting tool, the team conducted thousands of tests on four open-source and commercial LTE core networks (Open5GS, srsRAN, Amarisoft, Nokia) and found the CIV vulnerability present in all four.
Through experiments, the researchers demonstrated that: ▲ an attacker who impersonates a victim's identification number can cause the network to reject the victim's reconnection, resulting in a denial-of-service attack; ▲ devices can be forced to retransmit the unique identifier (IMSI) stored on the SIM card in plaintext, leading to IMSI exposure; and ▲ user location tracking is possible using reconnection signals.
Notably, this attack can be carried out by sending manipulated messages through a legitimate base station, without the need for a fake base station or physical access. If both the victim and the attacker are served by the same central control node of the core network, the Mobility Management Entity (MME), the attack can remotely paralyze communications.
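The gap described above, a message that never went through authentication being allowed to change a device's context, is easier to see in a small model. The following toy is an added illustration written for this page; it is not the CITesting tool from the paper and not the code of any of the vendors named. The message kinds ("detach", "context_release", "service_request"), the identifier "T-victim", the context fields and the policy are all simplifications chosen for the example, not 3GPP procedure names. It runs the same constructed message sequence through a naive context handler and a guarded one, and applies a differential check: the victim's context after the full sequence must match its context after replaying only the integrity-protected messages.

```python
"""Toy model of per-device context in an LTE core network (MME).

Added illustration: not KAIST's CITesting tool, not any vendor's code.
Message names, context fields and the policy are simplifications chosen
for this example (assumptions), not 3GPP procedure names.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Uplink message as (temporary device identifier, message kind, integrity_protected).
# `integrity_protected` models whether the message carries a valid integrity
# check under an established security context; a sender that never authenticated
# cannot produce one, so such messages arrive with False.
Message = Tuple[str, str, bool]

# Message kinds that, in this toy model, mutate the device's context.
STATE_CHANGING = {"detach", "context_release"}


@dataclass
class UeContext:
    imsi: str
    temp_id: str
    security_established: bool = False  # true only after authentication succeeded
    attached: bool = True

    def snapshot(self) -> Tuple[bool, bool]:
        return (self.attached, self.security_established)


def naive_handle(ctx: Dict[str, UeContext], msg: Message) -> bool:
    """Vulnerable model of the gap the article describes: the standard said to
    reject messages that FAIL authentication but said nothing about messages
    that never went through authentication, so a state-changing message that
    merely names a known identifier is processed as-is."""
    temp_id, kind, _protected = msg
    ue = ctx.get(temp_id)
    if ue is None or kind not in STATE_CHANGING:
        return False
    ue.attached = False
    ue.security_established = False
    return True


def guarded_handle(ctx: Dict[str, UeContext], msg: Message) -> bool:
    """Hardened model: a state-changing message is applied only when the
    device already holds a security context AND the message is integrity
    protected under it. Anything else is dropped (a real core network would
    instead start a fresh authentication before trusting the sender)."""
    temp_id, kind, protected = msg
    ue = ctx.get(temp_id)
    if ue is None or kind not in STATE_CHANGING:
        return False
    if not (ue.security_established and protected):
        return False
    ue.attached = False
    ue.security_established = False
    return True


Handler = Callable[[Dict[str, UeContext], Message], bool]


def replay(handler: Handler, messages: List[Message]) -> UeContext:
    """Run a message sequence against a fresh context for one attached,
    authenticated victim device and return that device's final context."""
    ctx = {"T-victim": UeContext("IMSI-victim", "T-victim", security_established=True)}
    for m in messages:
        handler(ctx, m)
    return ctx["T-victim"]


def context_integrity_violated(handler: Handler, messages: List[Message]) -> bool:
    """Differential check in the spirit of CIV: the victim's context after the
    full sequence must equal its context after replaying only the integrity-
    protected messages. If they differ, an unprotected message changed state."""
    with_all = replay(handler, messages).snapshot()
    protected_only = replay(handler, [m for m in messages if m[2]]).snapshot()
    return with_all != protected_only


# Constructed scenario: one unprotected state-changing message that reuses the
# victim's temporary identifier, followed by the victim's own protected message.
SCENARIO: List[Message] = [
    ("T-victim", "detach", False),
    ("T-victim", "service_request", True),
]

if __name__ == "__main__":
    for name, handler in (("naive", naive_handle), ("guarded", guarded_handle)):
        print(f"{name:8s} CIV={context_integrity_violated(handler, SCENARIO)}")
```

The naive handler reports a violation (the victim ends up detached with no security context, which is the state a device must climb out of before it can reconnect), while the guarded handler reports none, yet still honours a protected detach from the genuine context holder. The differential replay is the reusable part: comparing the state reached with all messages against the state reached with only protected ones flags any code path in which an unauthenticated message moved the context, without needing to enumerate message types in advance.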
"Uplink Security Gap May Extend to 5G Private Networks"
Professor Kim Yongdae of KAIST emphasized, "Uplink security has been relatively neglected due to the difficulty of testing and limitations in standards. Context Integrity Violation is a structural issue that can similarly occur in 5G and industrial private networks."
Photo of researchers. From left: Professor Kim Yongdae, Mincheol Son, Doctoral candidate Kim Kwangmin. Top (circle): Professor Park Chuljun of Kyung Hee University, Doctoral candidate Oh Beomseok. Provided by KAIST
He added, "We plan to expand CITesting to 5G and industrial infrastructure private networks, developing it into an essential security tool to detect and block communication disruption risks in critical facilities such as tanks and factory equipment in advance."
Responses from vendors varied. The free software platform Open5GS, developed by the global developer community, and Amarisoft, a French commercial LTE/5G network solution company, distributed patches or integrated fixes into their official repositories immediately after the research team’s report. However, Finnish telecommunications equipment manufacturer Nokia stated that it "complies with the 3GPP standard" and did not consider it a vulnerability, so it has no plans to make changes.
This research was supported by the Ministry of Science and ICT and the Institute of Information & Communications Technology Planning & Evaluation (IITP). Professor Kim stated, "Next-generation networks, including 5G and 6G as well as LTE, require a complete review of everything from authentication systems to data integrity. CIV will be the starting point for that change."
The research findings were published on October 14 in the proceedings of the ACM CCS 2025, an international conference organized by the Association for Computing Machinery. The paper is titled "CITesting: Systematic Testing of Context Integrity Violations in LTE Core Networks."
Son Mincheol and Kim Kwangmin, PhD candidates at KAIST’s School of Electrical Engineering, served as co-first authors. Oh Beomseok, also a PhD candidate at KAIST, Professor Park Chuljun of Kyung Hee University, and Professor Kim Yongdae of KAIST participated as co-authors.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.