An intruder may succeed in disabling encryption on the radio interface by several means.
The intruder may masquerade completely as a serving network. The intruder can either use a man-in-the-middle attack by establishing two connections, one to the user and one to a valid serving network (relaying data with or without modifications between a user and a valid serving network) or just masquerade as a serving network without establishing a link to a real network. In any case, the intruder may be able to suppress encryption between the user and himself by sending the appropriate signalling messages.
Alternatively, the intruder may just manipulate the signalling messages by which the user and serving network agree on their ciphering capabilities to create an incompatibility that will prevent ciphering from being established.
The threats following these actions are described below:
Eavesdropping of a genuine call
Once encryption is disabled, the intruder can capture signalling and user traffic.
Answering a mobile originated call
When the target attempts to make a call, the intruder relays the messages between the target and the true network until after authentication is completed. The intruder cuts the connection with the true network suppresses encryption and proceeds to set up the call as a new call (to any suitable network) and under the intruder's own full control.
Authentication data can get compromised, either during its transport between the home environment and the serving network, or by unauthorised access to databases.
Forcing use of a compromised cipher key
The intruder obtains a sample of authentication data and uses it to convince the user that he is connected to a proper serving network, and forces the use of a compromised cipher key. The intruder may force the repeated use of the same authentication data to ensure the same encryption key will be used for many calls. Leads to continuous eavesdropping.
Impersonating the user
The intruder obtains a sample of authentication data and uses it to impersonate a user towards the serving network. Masquerading as a base station towards the serving network (or eavesdropping on such a connection) could be used to obtain valid authentication data for this attack.
Reusing authentication data
The intruder forces the repeated use of the same authentication data. Weaknesses in the efficiency of the encryption protection may be exploited either for cipher cryptanalysis or protocol attacks.
The goal of these attacks is to access mobile communication services on the target's account.
Hijacking services for outgoing calls
While the target camps on the false base station, the intruder pages the target for an incoming call. The user then initiates the call set-up procedure, which the intruder allows to occur between the serving network and the target, modifying the signalling elements such that to the serving network it appears as if the target wants to set-up a mobile originated call. After authentication the intruder releases the target, and subsequently uses the connection to make fraudulent calls on the target's subscription.
This could be possible if the network does not enable encryption, or if the intruder can disable encryption (as in A.2) or if the intruder has access to the cipher key (as in A.3).
Hijacking incoming calls
While the target camps on the false base station, an associate of the intruder makes a call to the target's number. The intruder allows call set-up between target and serving network. After authentication the intruder releases the target, and subsequently uses the connection to answer the call made by his associate. The target will have to pay for the roaming leg.
This works either if the network does not enable encryption, or if the intruder can disable encryption (as in A.2) or if the intruder has access to the cipher key (as in A.3).