Please note multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G Cellular security space. This information is intended to consolidate the community's knowledge. Thank you, I plan on frequently updating this "Awesome Cellular Hacking" curated list with the most up to date exploits, blogs, research, and papers.
The idea is to collect information like the BMW article below, that slowly gets cleared and wiped up from the Internet - making it less accessible, and harder to find. Feel free to email me any document or link to add.
- LTE Pwnage: Hacking HLR/HSS and MME Core Network Elements
- Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane
- Voice over LTE implementations contain multiple vulnerabilities - CERT ALERT
- White-Stingray: Evaluating IMSI Catchers Detection Applications
- LTE Recon - (Defcon 23)
- bladRF and YateBTS Configuration
- How To Build Your Own Rogue GSM BTS For Fun and Profit
- Using OpenBTS - "Experimental_Security_Assessment_of_BMW_Cars by KeenLab"
- Jam tomorrow, jam yesterday, but also jam today - Synacktiv
- AT&T Microcell FAIL - fail0verflow (Older blog article, but still a good read)
- WiFi IMSI Catcher
- 5G NR Jamming, Spoofing, and Sniffing: Threat Assessment and Mitigation
- D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov
- VoLTE Phreaking - Ralph Moonen
- LTE/LTE-A Jamming, Spoofing, and Sniffing: Threat Assessment and Mitigation
- Exploring LTE security and protocol exploits with open source software and low-cost software radio by Roger Jover
- LTE PROTOCOL EXPLOITS: IMSI CATCHERS,BLOCKING DEVICES AND LOCATION LEAKS
- Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems
- LTE security and protocol exploits
- TUTORIAL: LTE And 5G Protocol Security Procedures and Vulnerabllity ANALYSES using SDR
- Breaking_LTE_on_Layer_Two
- https://www.wired.com/story/dcs-stingray-dhs-surveillance/
- https://www.vice.com/en_us/article/gv5k3x/heres-how-much-a-stingray-cell-phone-surveillance-tool-costs
- https://www.nyclu.org/en/stingrays
- http://www.hackitoergosum.org/2010/HES2010-planglois-Attacking-SS7.pdf
- Getting in the SS7 kingdom: hard technology and disturbingly easy hacks= to get entry points in the walled garden
↑Cellular Software
- https://github.com/Evrytania/LTE-Cell-Scanner
- https://harrisonsand.com/imsi-catcher/
- https://github.com/Oros42/IMSI-catcher
- https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector
- https://github.com/ptrkrysik/gr-gsm/wiki/Passive-IMSI-Catcher