Advisory on 4G LTE vulnerability Exploit

Risk:                 MEDIUM            

Damage:           HIGH        

Advisory ID:       ngCERT-2018-005

Platforms:          4G LTE wireless communication technology

Date:                19 March, 2018

Summary

4G LTE wireless communication technology vulnerabilities is an outcome of a research which exposes weaknesses in three critical protocol operations of the cellular network, such as attach, paging, and detach procedures. One of the attacks can create artificial chaos by sending fake emergency alerts to a large number of devices. It can also performs eavesdropping on phone calls and text messages, knocking devices offline, and even spoofing emergency alerts on users of 4G LTE network.

Description and Consequences

The new 4G LTE wireless data communications technology for mobile devices and data terminals attack vectors were uncovered by a group of researchers at Purdue University and the University of Iowa. The attacks exploit design flaws in the communications protocol and unsafe practices employed by users. These weaknesses when exploited can be used to achieve things like impersonating existing users, spoofing the location of the victim device, delivering fake emergency and warning messages, eavesdropping on sms communications and authentication relay attack. Those flaws can also allow authentication relay attacks that permit an adversary to connect to a 4G LTE network by impersonating an existing user, such as a phone number. However, authentication relay attacks aren't new, but this latest research shows that they can be used to intercept message, track a user's location, and stop a phone from connecting to the network.

Solution

There are possible defences against these attacks, but the researchers refrained from offering any ideas. However, proper authentication, encryption, and replay protection in the important protocol messages should be adhered.

References

  • https://www.helpnetsecurity.com/2018/03/05/lte-attacks/
  • http://www.zdnet.com/article/new-lte-attacks-eavesdrop-on-messages-track-locations-spoof-alerts/
  • http://www.zdnet.com/article/stingray-security-flaw-cell-networks-phone-tracking-surveillance/
  • https://www.theinquirer.net/inquirer/news/3027771/hackers-can-use-4g-lte-protocol-bugs-to-snoop-on-texts-and-spoof-emergency-calls
  • http://www.isssource.com/4g-lte-attacks-uncovered/
image
Security Alert

& Advisory

Read More image
image
We Love to

Hear From You

Send Your Enquiry Here image
Join Our Newsletter