Vulnerabilities have been discovered in LTE that would make it possible for an attacker to tap into 4G networks for the purposes of spying on and hijacking 4G browsing sessions.
Vulnerabilities have been discovered in LTE that would make it possible for an attacker to tap into 4G networks for the purposes of spying on and hijacking 4G browsing sessions.
Security researchers from Ruhr-Universität, Bochum and New York University, Abu Dhabi show how three different attacks can be launched on the second layer of LTE — also known as the data link layer. Two passive attacks allow for identity mapping and website fingerprinting, while the active cryptographic aLTEr attack allows for DNS spoofing and network connection redirection.
The researchers, David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper, are due to share their findings at the 2019 IEEE Symposium on Security & Privacy next year, but has published a paper in the meantime. Their findings mean that all three protocol layers of LTE (physical, data link, and network) have been found to be problematic.
Current 4G networks are vulnerable, and it is thought that 5G networks could be as well. In the name of responsible disclosure, the group informed the likes of the GSM Association (GSMA), the 3rd Generation Partnership Project (3GPP), and telephone companies of its findings.
The four researchers share details of two passive attacks, but it is aLTEr that is the most concerning:
In the video below, you can see how an aLTEr attack is used to redirect a victim to a fake Hotmail website:
The attack requires the use of a custom-built cell tower which would cost a few thousand dollars to make. While this puts the attack out of the reach of the casual hacker, the cost is by no means prohibitive. There are fears that there is no way to patch the vulnerability without re-writing the LTE protocol.
When contacted by Ars Technica, the GSM Association said:
A detailed paper explaining the aLTEr attack can be found here .
Image credit: WHITE MARKERS / Shutterstock
