The security flaws of legacy GSM networks, which lack of mutual authentication and implement an outdated encryption algorithm, are well understood among the technology community. Moreover, until now, the main cellular vulnerabilities being discovered and exploited in the mobile security research field were based on 2G base stations and GSM open source implementations. The Long Term Evolution (LTE) is the newest standard being deployed globally for mobile communications, and is generally considered secure. LTE’s mutual authentication and strong encryption schemes result in the false assumption that LTE networks are not vulnerable to, for example, rogue base stations, IMSI catchers and protocol exploits. However, these threats are also possible in LTE. Before the authentication and encryption steps of an LTE connection are executed, a mobile device engages in a substantial exchange of unprotected messages with *any* LTE base station (real or rogue) that advertises itself with the right broadcast information. Eavesdropping or spoofing these messages can be leveraged to implement a long list of exploits to which all LTE mobile devices are vulnerable. This talk will demonstrate how to eavesdrop LTE base station broadcast messages, and how to implement full-LTE IMSI catchers and other LTE protocol exploits, such as blocking SIMs and devices. Details will be provided as well on a previously unknown technique to track the location of mobile devices as the connection moves from tower to tower. We will discuss as well the necessary toolset to implement these and other exploits, which are possible with simply $1.5k worth of off-the-shelf hardware and some modifications of the code of widely available LTE open source implementations.