Long Term Evolution (LTE) is the de-facto standard for mobile communication. It provides effective security features but leaves room for misunderstandings in its configuration and implementation. In particular, providers face difficulties when maintaining network configurations.

In this paper, we analyze the security configuration of commercial LTE networks. We enhance the open baseband srsLTE with support for commercial networks and perform a subsequent analysis. In more detail, we test the security algorithm selection in a total of twelve LTE networks in five European countries. We expose four misconfigured networks and multiple cases of implementation issues. Three insecure networks fail to enforce integrity protection and encryption, which enables an adversary to impersonate victims towards the network. We provide a proof-of-concept attack in a live network, where the adversary obtains an IP address at the victim's cost. Our work is an appeal to security as a holistic state, which requires not only secure specifications but also secure configurations.