MitM attack
Many previous studies, employed a rogue BTS in a 2G/3G network. However, the Man in the Middle (MitM) attack in LTE networks received less attention . Rupprecht et al. showed that an LTE dongle could be used for eavesdropping and tampering if the dongle incorrectly allows null integrity to both the control and data plane. Hussain et al. demonstrated an Authentication relay attack to eavesdrop a victim UE’s data communication if the carrier uses null encryption to the data plane. In addition, Rupprecht et al. showed that the IP address the DNS server includes in a packet could be manipulated when the counter mode was used for user data encryption in LTE. The former can be used for eavesdropping only if a carrier allows null encryption, whereas the latter enables DNS hijacking. Unlike the above studies, omitting the Security mode command enables the user data to be communicated in plain text and can even be manipulated regardless of the integrity/encryption policy of the carrier.