{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T16:40:08Z","timestamp":1778085608469,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":58,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100006374","name":"Air Force Office of Scientific Research","doi-asserted-by":"publisher","award":["FA8650-19-1-196"],"award-info":[{"award-number":["FA8650-19-1-196"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-2054911,CNS-2055014,CNS-1933208"],"award-info":[{"award-number":["CNS-2054911,CNS-2055014,CNS-1933208"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3670320","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"2027-2041","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3315-938X","authenticated-orcid":false,"given":"Nathaniel","family":"Bennett","sequence":"first","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9812-6634","authenticated-orcid":false,"given":"Weidong","family":"Zhu","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-2734-3301","authenticated-orcid":false,"given":"Benjamin","family":"Simon","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-8468-4915","authenticated-orcid":false,"given":"Ryon","family":"Kennedy","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3043-8092","authenticated-orcid":false,"given":"William","family":"Enck","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7143-5189","authenticated-orcid":false,"given":"Patrick","family":"Traynor","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7498-4239","authenticated-orcid":false,"given":"Kevin R. B.","family":"Butler","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"3GPP. 2018. 3GPP TS 38.331 V15.3.0. Technical Report. 3GPP. https:\/\/www.etsi.org\/deliver\/etsi_ts\/138300_138399\/138331\/15.03.00_60\/ts_138331v150300p.pdf"},{"key":"e_1_3_2_1_2_1","unstructured":"3GPP. 2019. 3GPP TS 36.423 V15.5.0. Technical Report. https:\/\/www.etsi.org\/deliver\/etsi_ts\/136400_136499\/136423\/15.05.00_60\/ts_136423v150500p.pdf"},{"key":"e_1_3_2_1_3_1","unstructured":"3GPP. 2023. 3GPP TS 24.301 V16.9.0. Technical Report. ETSI. https:\/\/www.3gpp.org\/ftp\/Specs\/archive\/24_series\/24.301\/24301-g90.zip"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534376"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382221"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-016-0338-9"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23412"},{"key":"e_1_3_2_1_8_1","first-page":"1","article-title":"REDQUEEN: Fuzzing with Input-to-State Correspondence","volume":"19","author":"Aschermann Cornelius","year":"2019","unstructured":"Cornelius Aschermann, Sergej Schumilo, Tim Blazytko, Robert Gawlik, and Thorsten Holz. 2019. REDQUEEN: Fuzzing with Input-to-State Correspondence. In NDSS, Vol. 19. 1--15.","journal-title":"NDSS"},{"key":"e_1_3_2_1_9_1","unstructured":"Athonet. [n. d.]. Our Customers. https:\/\/athonet.com\/customers\/"},{"key":"e_1_3_2_1_10_1","unstructured":"AT&T. 2023. AT&T Cell Booster. https:\/\/web.archive.org\/web\/20230622145138\/https:\/\/www.att.com\/buy\/accessories\/Specialty-Items\/att-cell-booster.html"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062349"},{"key":"e_1_3_2_1_12_1","volume-title":"USENIX Security Symposium.","author":"Blazytko Tim","year":"2019","unstructured":"Tim Blazytko, Cornelius Aschermann, Moritz Schl\u00f6gel, Ali Reza Abbasi, Sergej Schumilo, Simon W\u00f6rner, and Thorsten Holz. 2019. GRIMOIRE: Synthesizing Structure while Fuzzing. In USENIX Security Symposium."},{"key":"e_1_3_2_1_13_1","unstructured":"BNAmericas. [n. d.]. Brisanet Brings Connectivity to Remote Areas in the Northeast with Magma. https:\/\/web.archive.org\/web\/20240123162926\/https:\/\/www.bnamericas.com\/en\/news\/brisanet-brings-connectivity-to-remote-areas-in-the-northeast-with-magma"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00104"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3448300.3469133"},{"key":"e_1_3_2_1_16_1","unstructured":"Sprint Corporation. 2023. Sprint Airave Support. https:\/\/web.archive.org\/web\/20230622145651\/https:\/\/www.sprint.com\/en\/support\/solutions\/device\/airave-support-center.html"},{"key":"e_1_3_2_1_17_1","unstructured":"Doug DePerry Tom Ritter and Andrew Rahimi. 2013. Traffic Interception & Remote Mobile Phone Cloning with a Compromised CDMA Femtocell. Technical Report. DEF CON."},{"key":"e_1_3_2_1_18_1","unstructured":"NTT DoCoMo. 2024. Super-Compact Base Station for Femtocells. https:\/\/web.archive.org\/web\/20240122234628\/https:\/\/www.docomo.ne.jp\/english\/corporate\/technology\/rd\/tech\/network\/femtocells\/"},{"key":"e_1_3_2_1_19_1","unstructured":"DrmnSamoLiu. 2018. CVE-2018--6311\/CVE-2018--6312. https:\/\/gist.github.com\/DrmnSamoLiu\/cd1d6fa59501f161616686296aa4a6c8"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102171"},{"key":"e_1_3_2_1_21_1","unstructured":"ENISA. 2021. Telecom Security Incidents 2020 - Annual Report. Technical Report. European Union Agency for Cybersecurity. https:\/\/www.enisa.europa.eu\/publications\/telecom-annual-incident-reporting-2020"},{"key":"e_1_3_2_1_22_1","unstructured":"ETSI. 2024. ETSI EN 302 637--2 V1.4.1. Technical Report. https:\/\/www.etsi.org\/deliver\/etsi_en\/302600_302699\/30263702\/01.04.01_60\/en_30263702v010401p.pdf"},{"key":"e_1_3_2_1_23_1","volume-title":"Folly: Facebook Open-Source Library. Facebook. https:\/\/github.com\/facebook\/folly","year":"2023","unstructured":"Facebook. 2023. Folly: Facebook Open-Source Library. Facebook. https:\/\/github.com\/facebook\/folly"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/GLOBECOM48099.2022.10001673"},{"key":"e_1_3_2_1_25_1","unstructured":"O2 Germany. 2023. O2 Business Femtocell\/Signal Box. https:\/\/web.archive.org\/web\/20240122235101\/https:\/\/www.businesstarife.de\/femtocell\/"},{"key":"e_1_3_2_1_26_1","volume-title":"Femtocells: Poisonous Needle in the Operator's Hay Stack. Technical Report. Blackhat USA.","author":"Golde N","year":"2011","unstructured":"N Golde, R Borgaonlar, and K Redon. 2011. Femtocells: Poisonous Needle in the Operator's Hay Stack. Technical Report. Blackhat USA."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN54977.2022.9868872"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.23136"},{"key":"e_1_3_2_1_29_1","volume-title":"Mining Input Grammars with AUTOGRAM. In 2017 IEEE\/ACM 39th International Conference on Software Engineering Companion (ICSE-C). IEEE, 31--34","author":"Hoschele Matthias","year":"2017","unstructured":"Matthias Hoschele and Andreas Zeller. 2017. Mining Input Grammars with AUTOGRAM. In 2017 IEEE\/ACM 39th International Conference on Software Engineering Companion (ICSE-C). IEEE, 31--34."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23313"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354263"},{"key":"e_1_3_2_1_32_1","unstructured":"Jio. 2024. JioConnect. https:\/\/www.jio.com\/business\/jio-connect"},{"key":"e_1_3_2_1_33_1","volume-title":"T-Fuzz: Model-based Fuzzing for Robustness Testing of Telecommunication Protocols. Seventh International Conference on Software Testing, Verification and Validation","author":"Johansson William","year":"2014","unstructured":"William Johansson, Martin Svensson, Ulf Larson, Magnus Almgren, and Vincenzo Gulisano. 2014. T-Fuzz: Model-based Fuzzing for Robustness Testing of Telecommunication Protocols. Seventh International Conference on Software Testing, Verification and Validation (2014), 323--332."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24365"},{"key":"e_1_3_2_1_35_1","volume-title":"Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane. IEEE Symposium on Security and Privacy (SP)","author":"Kim Hongil","year":"2019","unstructured":"Hongil Kim, Jiho Lee, Eunkyu Lee, and Yongdae Kim. 2019. Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane. IEEE Symposium on Security and Privacy (SP) (2019), 1153--1168."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243804"},{"key":"e_1_3_2_1_37_1","unstructured":"Sukchan Lee. 2023. Support - Open5GS. https:\/\/web.archive.org\/web\/20230930053106\/https:\/\/open5gs.org\/open5gs\/support\/"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.12.032"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395351.3399360"},{"key":"e_1_3_2_1_40_1","volume-title":"Spdlog: Fast C logging library. Github. https:\/\/github.com\/gabime\/spdlog","author":"Melman Gabi","year":"2023","unstructured":"Gabi Melman. 2023. Spdlog: Fast C logging library. Github. https:\/\/github.com\/gabime\/spdlog"},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Mulliner Collin","year":"2011","unstructured":"Collin Mulliner, Nico Golde, and Jean-Pierre Seifert. 2011. SMS of Death: From Analyzing to Attacking Mobile Phones on a Large Scale. In Proceedings of the USENIX Security Symposium."},{"key":"e_1_3_2_1_42_1","unstructured":"O2. 2023. Boostbox Guide. https:\/\/web.archive.org\/web\/20231010170442\/https:\/\/www.o2.co.uk\/help\/network-coverage-and-international\/boostbox-guide"},{"key":"e_1_3_2_1_43_1","unstructured":"OpenAirInterface. [n. d.]. OSA Members - OpenAirInterface. https:\/\/web.archive.org\/web\/20231226212507\/https:\/\/openairinterface.org\/osa-members\/"},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Park CheolJun","year":"2021","unstructured":"CheolJun Park, Sangwook Bae, BeomSeok Oh, Jiho Lee, Eunkyu Lee, Insu Yun, and Yongdae Kim. 2021. DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices. In Proceedings of the USENIX Security Symposium."},{"key":"e_1_3_2_1_45_1","volume-title":"AFLNet: A Greybox Fuzzer for Network Protocols. In 2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST). IEEE, 460--465","author":"Pham Van-Thuan","year":"2020","unstructured":"Van-Thuan Pham, Marcel B\u00f6hme, and Abhik Roychoudhury. 2020. AFLNet: A Greybox Fuzzer for Network Protocols. In 2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST). IEEE, 460--465."},{"key":"e_1_3_2_1_46_1","first-page":"1980","article-title":"Smart Greybox Fuzzing","volume":"47","author":"Pham Van-Thuan","year":"2019","unstructured":"Van-Thuan Pham, Marcel B\u00f6hme, Andrew E Santosa, Alexandru Ruazvan Cuaciulescu, and Abhik Roychoudhury. 2019. Smart Greybox Fuzzing. IEEE Transactions on Software Engineering, Vol. 47, 9 (2019), 1980--1997.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/WiMob52687.2021.9606317"},{"key":"e_1_3_2_1_48_1","first-page":"117","article-title":"Secrets of the Little Blue Box","volume":"76","author":"Rosenbaum Ron","year":"1971","unstructured":"Ron Rosenbaum. 1971. Secrets of the Little Blue Box. Esquire Magazine, Vol. 76 (1971), 117--125.","journal-title":"Esquire Magazine"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519591"},{"key":"e_1_3_2_1_50_1","unstructured":"Toby Shapshak. [n. d.]. African Internet Connectivity Gets a Mobile World Congress Boost. https:\/\/www.forbes.com\/sites\/tobyshapshak\/2019\/02\/27\/african-internet-connectivity-gets-a-mobile-world-congress-boost\/'sh=434ed2c4c607"},{"key":"e_1_3_2_1_51_1","unstructured":"European Space Agency. 2015. ASN1SCC - ASN.1 Space Certifiable Compiler. https:\/\/essr.esa.int\/project\/asn1scc-asn-1-space-certifiable-compiler"},{"key":"e_1_3_2_1_52_1","unstructured":"T-Mobile. 2023. Register a Signal Booster. https:\/\/web.archive.org\/web\/20230622145341\/https:\/\/www.t-mobile.com\/support\/coverage\/register-a-signal-booster"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653690"},{"key":"e_1_3_2_1_54_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Traynor Patrick","year":"2007","unstructured":"Patrick Traynor, Patrick McDaniel, and Thomas La Porta. 2007. On Attack Causality in Internet-Connected Cellular Networks. In Proceedings of the USENIX Security Symposium."},{"key":"e_1_3_2_1_55_1","volume-title":"Security for Telecommunications Networks","author":"Traynor Patrick","unstructured":"Patrick Traynor, Patrick McDaniel, and Thomas La Porta. 2008. Security for Telecommunications Networks. Vol. 40. Springer Science & Business Media."},{"key":"e_1_3_2_1_56_1","unstructured":"Verizon. 2023. Verizon LTE Network Extender. https:\/\/web.archive.org\/web\/20230622145025\/https:\/\/www.verizon.com\/products\/verizon-lte-network-extender\/"},{"key":"e_1_3_2_1_57_1","unstructured":"J Webb-Twoomey. 2023. The Rising Threat Landscape for Cell Towers. BioConnect. https:\/\/bioconnect.com\/2023\/05\/31\/the-rising-threat-landscape-for-cell-towers\/"},{"key":"e_1_3_2_1_58_1","unstructured":"Y Zheng and H Shan. 2015. Hacking Femtocell. Technical Report. DEF CON."}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670320","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3670320","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:19:39Z","timestamp":1755843579000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670320"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":58,"alternative-id":["10.1145\/3658644.3670320","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3670320","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}