Awesome Cellular Hacking Hacking Cellular Networks

Awesome Cellular Hacking

Awesome Cellular Hacking. Please note multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G Cellular security space. This information is intended to consolidate the community’s knowledge. Thank you, I plan on frequently updating this “Awesome Cellular Hacking” curated list with the most up to date exploits, blogs, research, and papers. (W00t3k

The idea is to collect information like the BMW article below, that slowly gets cleared and wiped up from the Internet – making it less accessible, and harder to find. Feel free to email me any document or link to add.




Evil BTS


OpenBTS software is a Linux application that uses a software-defined radio to present a standard 3GPP air interface to user devices, while simultaneously presenting those devices as SIP endpoints to the Internet

YateBTS is a software implementation of a GSM/GPRS radio access network based on Yate and is compatible with both 2.5G and 4G core networks comprised in our YateUCN unified core network server. Resiliency, customization and technology independence are the main attributes of YateBTS

srsLTE is a free and open-source LTE software suite developed by SRS (

GSM Traffic Impersonation and Interception Related Blogs


Common issues:

  • Improper FW
  • Lack of proper antennas
  • Wrong cellular phone type
  • Wrong SIM
  • Not configured correctly – Mobile Country Codes (MCC) and Mobile Network Codes (MNC)
  • Incorrect software BTS settings
  • Virtualized platform is not fast enough
  • Wrong SDR firmware


SS7/Telecom Specific

Jamming and Mapping


CERT/Media Alerts




Credits: W00t3k