Abstract: In 2012, my group showed that an attacker can check if a victim is within an area (up to 1 km x 1 km accuracy) without
permission from Telcos in 3G cellular networks. Since then, several papers have been published to show that the same attack works for 4G
LTE networks. In addition to this location privacy issues, researchers have shown that 3GPP standards are leaking a lot of information. For
example, an unprivileged 3rd party can 1) track RNTI (a temporary radio ID) and TMSI (a temporary ID associated with the victim) and 2)
obtain scheduling information of a particular user from messages broadcasted from cell towers. In the first part of the talk, I will explain how this is possible. In the second part, I will explain how this information could be used for 1) fingerprinting apps and movies a victim uses or 2) precise (< 15 m accuracy) physical localization of
the victim’s smartphone.

About the speaker

Yongdae Kim is a Professor in the Department of Electrical Engineering and the Graduate School of Information Security at KAIST.

He received a PhD degree from the computer science department at the University of Southern California under the guidance of Gene Tsudik in Before joining KAIST in 2012, he was a professor in the Department of Computer Science and Engineering at the University of Minnesota – Twin Cities for 10 years. He served as a KAIST Chair Professor between 2013 and 2016 and a director of Cyber Security Research Center between 2018 and 2020. He is a program committee chair  for ACM WISEC 2022, was a general chair for ACM CCS 2021, and served as an associate editor for ACM TOPS and a steering committee member of NDSS. His main research interests include novel attacks for emerging technologies such as drone/self-driving cars, cellular networks, and Blockchain