GSM to UMTS Network Handover Vulnerability Testing Using Software-Defined Radio

This paper examines a possible vulnerability with the potential for a malicious entity to prevent a mobile device from handing over from a global system for mobile communications (GSM) to universal mobile telecommunications system (UMTS) network because the GSM network maintains the stand-alone dedicated control channel (SDCCH) uplink time slots.

The process of testing this vulnerability requires the development of a device that monitors a GSM base transceiver station, identifies when a handover to UMTS message is sent, tracks the time slots of the SDCCH uplink, and transmits a GSM handover-failure message. We present a scheme that utilizes parts of the Open BTS to transmit a GSM handover-failure message using a software defined radio. The method is validated through the collection of the GSM transmitter messages by Air probe’s GSM-receiver module.