Unveiling the hidden dangers of public IP addresses in 4G/LTE cellular data networks

Abstract

While it is often convenient for mobile cellular devices to have a public IP address, we show that such devices are vulnerable to stealthy malicious attacks. In particular, we show with experiments on three 4G/LTE cellular data networks in Singapore that it is easy for an attacker to initiate three different types of attacks on such mobile devices: (i) data quota drain, (ii) DoS flooding, and (iii) battery drain. Our experiments show that a potential attacker can completely exhaust the monthly data quota within a few minutes, completely choke the data connection of a mobile subscriber with a data stream of just 3 Mb/s, and increase the battery drain rate by up to 24 times. Finally, we argue that a simple proxy-based firewall with a secret IP address would be an effective and feasible defense against such potential attacks.