Please note that multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G cellular security space. This information is intended to consolidate the community’s knowledge. Thank you. I plan on frequently updating this “Awesome Cellular Hacking” curated list with the most up-to-date exploits, blogs, research, and papers.

The idea is to collect information, like the BMW article below, that slowly gets cleared and wiped from the Internet, making it less accessible and harder to find. Feel free to email me any document or link to add.

Defcon/BH 2019


Evil BTS

OpenBTS software is a Linux application that uses a software-defined radio to present a standard 3GPP air interface to user devices, while simultaneously presenting those devices as SIP endpoints to the Internet.

YateBTS is a software implementation of a GSM/GPRS radio access network based on Yate and is compatible with both 2.5G and 4G core networks comprised in our YateUCN unified core network server. Resiliency, customization and technology independence are the main attributes of YateBTS.

srsLTE is a free and open-source LTE software suite developed by SRS (

GSM Traffic Impersonation and Interception Related Blogs

Common issues:

  • Improper FW
  • Lack of proper antennas
  • Wrong cellular phone type
  • Wrong SIM
  • Not configured correctly – Mobile Country Codes (MCC) and Mobile Network Codes (MNC)
  • Incorrect software BTS settings
  • Virtualized platform is not fast enough
  • Wrong SDR firmware


SS7/Telecom Specific

Jamming and Mapping


CERT/Media Alerts


