Executing a denial-of-service attack on an LTE phone's hotspot mode; or, the perils of CSFB

Want to render a friend's hotspot mode useless while she's trying to get work done? Call her.

This is circuit-switched fallback's Achilles heel. The technology — heralded by AT&T's Ralph de la Vega last year as a boon for battery life and efficiency on LTE-enabled phones — does indeed reduce chip count and power drain, but there's no such thing as a free lunch: the tradeoff is that any call, incoming or outgoing, immediately drops the device to HSPA. Once the call is over, LTE can turn back on, though there's often a delay of up to half a minute or so for that transition to occur.

That wouldn't necessarily be a deal-breaker if the handoff from LTE to HSPA were seamless, but in practice it rarely (if ever) is. Every time I'm at a coffee shop and I suddenly lose my connection to the internet, I look at my phone — sure enough, ten times out of ten, I've just missed a call. That's right: merely being called drops LTE. You don't have to answer! Then I wait for LTE service to return (bear in mind that AT&T HSPA is useless in downtown Chicago on weekdays), or, if I'm in a hurry, I'll cycle airplane mode on and off to speed it up.

So you can imagine how this would render hotspot mode useless in an LTE market if you receive a decent number of calls throughout the day. Or, you know, if you've got a jerk friend who's trying to ruin your productivity.