Don’t hand it Over: Vulnerabilities in the Handover Procedure of Cellular Telecommunications

Evangelos Bitsikas, Christina Pöpper

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Mobility management in the cellular networks plays a significant role in preserving mobile services with minimal latency while a user is moving. To support this essential functionality the cellular networks rely on the handover procedure. Most often, the User Equipment (UE) provides signal measurements to the network via reports to facilitate the handover decision when it discovers a more suitable base station. These measurement reports are cryptographically protected. In this paper, we examine the cellular specification and illustrate that this crucial functionality has critical security implications. To the best of our knowledge, this is the first work on cellular Man-In-The-Middle attacks based on the handover procedure. In particular, we demonstrate a new type of fake base station attacks in which the handover procedures, based on the encrypted measurement reports and signal power thresholds, are vulnerable. An attacker who sets up a false base station mimicking a legitimate one can utilize the vulnerabilities in the handover procedure to cause Denial-Of-Service attacks, Man-In-The-Middle attacks, and information disclosure affecting the user as well as the operator. Therefore, users' privacy and service availability are jeopardized. Through rigorous experimentation, we uncover the vulnerable parts of the handover procedure, a comprehensive attacker methodology, and attack requirements. We largely focus on the 5G network showing that handover vulnerabilities remain unmitigated to date. Finally, we assess the impact of the handover attacks, and carefully present potential countermeasures that can be used against them.

Original languageEnglish (US)
Title of host publicationAnnual Computer Security Applications Conference
PublisherAssociation for Computing Machinery (ACM)
Number of pages16
ISBN (Electronic)978-1-4503-8579-4
StatePublished - Dec 6 2021

Publication series

NameACM International Conference Proceeding Series


  • 5G
  • Denial-of-service
  • False base stations
  • Handovers
  • LTE
  • Man-in-the-middle

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications


Dive into the research topics of 'Don’t hand it Over: Vulnerabilities in the Handover Procedure of Cellular Telecommunications'. Together they form a unique fingerprint.

Cite this