Those flaws enable authentication relay attacks, which let an adversary connect to a 4G LTE network by impersonating an existing user's identity, such as a phone number.
Although authentication relay attacks aren't new, this latest research shows that they can be used to intercept messages, track a user's location, and stop a phone from connecting to the network.
"Our paper discusses in detail how anyone can perform the attacks in practice," Syed Rafiul Hussain, one of the researchers on the project alongside Omar Chowdhury, Shagufta Mehnaz, and Elisa Bertino, told ZDNet in an email.
LTEInspector, as the researchers dubbed it, is a testing framework that can help detect vulnerabilities in LTE radios and networks.
"Among the 10 newly detected attacks, we have verified eight of them in a real testbed with SIM cards from four major US carriers," he explained. "The root cause of most of these attacks is the lack of proper authentication, encryption, and replay protection in the important protocol messages."