Critical Flaws Let Attackers Hijack Cellular Phone Towers

August 23, 2016

Three critical security flaws in BTS stations allow attackers to compromise, hijack, crash mobile cell towers, security researchers from Zimperium have discovered.

BTS (Base Transceiver Station) is the technical term used to describe cellular phone towers we all see every day in our towns, villages, and spread all over the fields, hills, and mountains.

BTS stations are the backbone of every mobile network around the world and are used to relay calls, SMS messages, and data packets from our phones to the mobile operator’s data center, which in turn interconnect calls, transmit the SMS messages to their destination, and sends data packets over the Internet to the servers we are trying to reach.

BTS stations are universally deployed, regardless if the underlying mobile network runs on GSM, UTMS, or LTE technologies.

Flaws affect multiple products from multiple vendors

Mobile security firm Zimperium, the company that found the Stagefright bug, says it discovered three critical flaws in several software packages that run on BTS stations.

According to Zimperium, other software packages not included in their tests might also be affected since they all seem to run in the same manner, with a similar architecture.

Affected vendors and their software include Legba Incorporated (YateBTS <= 5.0.0), Range Networks (OpenBTS <= 4.0.0 and OpenBTS-UMTS <= 1.0.0), and OsmoCOM (Osmo-TRX <= 0.1.10 and Osmo-BTS <= 0.1.10).

Read full story…