New update: The weaknesses of the 3GPP specification have been acknowledged by GSMA: CVD-2021-0049.
New update: CNVD assigned codes for the core network vulnerabilities: CNVD-2020-38504, CNVD-2020-67628, CNVD-2020-71678.
New update: CNNVD assigned codes for the core network vulnerabilities: CNNVD-202006-1314,CNNVD-202011-1745. Notably, CNNVD will publish the vulnerability details on their website after the manufacturers fix them.
New update: Our discovery on Xiaomi Mix 2 has been confirmed by Xiaomi that they are design weakness.
New update: Samsung and Google acknowledged our discovered vulnerabilities. And Google Rewards Committee rewarded us USD $2000 for reporting the Moderate severity vulnerability.
New update: MME vulnerabilities have been confirmed by authorized parties on major cellular networks. Vulnerability codes have been officially assigned (with a high-risk rating) and vulnerability summary information has been announced. According to the summary, so far manufacturers have not provided solutions yet.
New update: The Android security team has confirmed the UE'S vulnerabilities on Nexus phones. They are targeting a fix to be released in the next quarterly update of Android.
We are working with authorized parties to verify the presence of the vulnerabilities in major carrier networks. So far, we are in the process of being granted vulnerability codes.