- Feb 4, 2016
- 2,520
A team of academics has published research yesterday that describes three attacks against the mobile communication standard LTE (Long-Term Evolution), also known as 4G.
Two of the three attacks are passive, meaning an attacker can watch LTE traffic and determine various details about the target, while the third is an active attack that lets the attacker manipulate data sent to the user's LTE device.
According to researchers, the passive attacks allow an attacker to collect meta-information about the user's traffic (an identity mapping attack), while the second allows the attacker to determine what websites a user might be visiting through his LTE device (a website fingerprinting attack).
aLTEr attack can redirect users to malicious websites
Researchers nicknamed the active attack aLTEr because of its intrusive capabilities, which they used in experiments to redirect users to malicious sites by altering DNS packets (DNS spoofing). Below is a demo of an aLTEr attack recorded by researchers.
...
.....
Attacks possible because of weak LTE encryption
As for the technical details of the three attacks, the three vulnerabilities exist in one of the two LTE layers called the data layer, the one that transports the user's actual data. The other layer is the control layer and that's the one that controls and keeps the user's 4G connection running.
According to researchers, the vulnerabilities exist because the data layer is not protected, so an attacker can intercept, alter, and then relay the modified packets to the actual cell tower.
They can do this because 4G data packets are not integrity-protected, meaning it's possible to change bits of data, despite the data being encrypted.
... ....
Flaws also impact upcoming 5G standard
The research team, made up of three researchers from the Ruhr-University in Bochum, Germany and a researcher from New York University, say they have notified relevant institutions such as the GSM Association (GSMA), 3rd Generation Partnership Project (3GPP), and telephone companies about the issues they discovered.
They warned the issue could also affect the upcoming version of the 5G standard in its current form. Experts said the 5G standard includes additional security features (stronger encryption at the data layer) to prevent aLTEr attacks, but these are currently optional.