Advisory ID: ngCERT-2018-005
Platforms: 4G LTE wireless communication technology
Date: 19 March, 2018
The 4G LTE wireless communication technology vulnerabilities are the outcome of research that exposes weaknesses in three critical protocol operations of the cellular network, namely the attach, paging, and detach procedures. One of the attacks can create artificial chaos by sending fake emergency alerts to a large number of devices. The attacks also allow eavesdropping on phone calls and text messages, knocking devices offline, and even spoofing emergency alerts to users of the 4G LTE network.
Description and Consequences
The new attack vectors against 4G LTE, the wireless data communications technology for mobile devices and data terminals, were uncovered by a group of researchers at Purdue University and the University of Iowa. The attacks exploit design flaws in the communications protocol and unsafe practices employed by users. When exploited, these weaknesses can be used to impersonate existing users, spoof the location of the victim device, deliver fake emergency and warning messages, eavesdrop on SMS communications, and carry out authentication relay attacks. Authentication relay attacks permit an adversary to connect to a 4G LTE network by impersonating an existing user, such as a phone number. Authentication relay attacks aren't new, but this latest research shows that they can be used to intercept messages, track a user's location, and stop a phone from connecting to the network.
There are possible defences against these attacks, but the researchers refrained from offering any ideas. However, proper authentication, encryption, and replay protection should be applied to the important protocol messages.