LTE networks are easy prey for jamming attacks

LTE networks can be directly knocked out by intentional and sophisticated jamming attacks enabled by cheap equipment and a little technical know-how, according to researchers who raised a red flag regarding the technology's planned use in the 700 MHz national public-safety broadband network.

"An example strategy would be to target specific control or synchronization signals, in order to increase the geographic range of the jammer and better avoid detection. The availability of low-cost and easy to use software-defined radios makes this threat even more realistic," said the Wireless @ Virginia Tech research group in a filing submitted last week to the National Telecommunications and Information Administration.

"It is very possible for radio jamming to accompany a terrorist attack, for the purpose of preventing communications and increasing destruction. Likewise it is possible for criminal organizations to create mayhem among public-safety personnel by jamming," said the filing posted by Jeff Reed, director of Virginia Tech's wireless research group, and graduate research assistant Marc Lichtman.

A laptop combined with an inexpensive, battery-operated software-defined radio unit--which might sell for as little as $650--could swiftly knock offline an LTE macrocell serving thousands of people. "Picture a jammer that fits in a small briefcase that takes out miles of LTE signals--whether commercial or public safety," Reed told MIT Technology Review. He added that it would be difficult to defend against such an attack.

LTE is particularly susceptible to jamming because its signal relies upon control instructions that make up less than 1 percent of the overall signal, and some of those instructions govern the essential time synchronization and frequency synchronization functions upon which LTE relies. Because LTE standards are openly published, "any communications engineer would be able to figure this stuff out," Lichtman said.

Acknowledging that there are important cost advantages in making the planned public-safety LTE system compatible with commercial devices and systems, Reed and Lichtman concluded in their filing that "seeking solutions that achieve this compatibility while providing protection are desirable."

Nov. 9 was the filing deadline for comments regarding network design as well as initial steps that the First Responder Network Authority (FirstNet) should take to establish the 700 MHz public-safety LTE network. The deadline was extended from Nov. 1 due to the effects of Hurricane Sandy.

For more:
- see this NTIA filing (PDF)
- see this MIT Technology Review article

Related articles:
Sprint, Verizon, others argue for role in building FirstNet 700 MHz LTE network
Little consensus in early FirstNet comments
Alcatel-Lucent makes headway in public-safety LTE testing
FirstNet faces long odds for success
First multivendor public-safety LTE network used at GOP convention