They discover serious security breaches in LTE (4G)



[ad_1]

A team of academics yesterday released a survey describing three vulnerabilities to the LTE mobile communication standard, also known as 4G

Two of the three attacks are pbadive, which means that one attacker can spy. traffic and complete various details about the victim, while the third is an active attack that allows the attacker to manipulate the data sent by an LTE user.

According to the investigators, pbadive attacks allow the attacker to collect metadata on the traffic aLTEr can redirect the users to malicious sites

The researchers qualified the active attack of "aLTEr" because it has instrusive capabilities, while the second allows the attacker to determine which sites would be visited by the user. who in the experiments managed to redirect users' requests to malicious sites, modifying them for the moment, users should not fear these attacks because for a hacker to perpetrate them, he needs specialized equipment and specialized software, which would leave the vast majority of attackers [19659007] "We carry out the attacks in an experimental configuration in our laboratory that depends on a special equipment and an environment controlled, "said the researchers. "These requirements are, for the moment, difficult to meet in real LTE networks, however, with some engineering efforts, our attacks can also be made in nature."

The attackers must be close …

The equipment needed to carry out such attacks is very similar to that of the devices called "IMSI sensors" or "Stingray", equipment used by the forces of the 39; order around the world to fool the phone of a target and connect it to a tower.

Next, the attacks are done in the same way, and the attacker must deceive the victim's LTE device to connect first, and then the attacker device redirects the traffic to the real telephony tower.

As such, the proximity of the victim is paramount, and the attack can not be done on the Internet, which requires the presence of the attacker on the site. The difference between an aLTEr attack and a clbadic IMSI receiver is that IMSI receivers perform pbadive MitM attacks to determine the geographic location of a target, whereas an LTEr can actually change what the 39; user sees on his device.

possible because of low LTE encryption

With regard to the technical details of the three attacks, there are three vulnerabilities in one of the two layers of LTE called data layer, which carries the actual data of l & # 39; user. The other layer is the control layer and is the one that controls and maintains the 4G connection of the user.

According to the researchers, the vulnerabilities exist because the layer of data is not protected, so an attacker can intercept, alter They can then retransmit the modified packets to the actual cell tower

They can do it because 4G data packets are not protected by integrity, which means that it is possible to change data bits, even if the data is encrypted.

The defects also affect the next standard 5G

The research team, consisting of three researchers from the Ruhr University in Bochum Germany and a researcher at the University of the Ruhr. New York University indicates that it has notified relevant institutions such as GSM. Association (GSMA), Third Generation Partnership Project (3GPP) and the telephone companies on the problems they have discovered.

They warned that the problem could also affect the next version of the 5G standard in its current form. Experts said the 5G standard includes additional security features (stronger encryption in the data layer) to prevent rtL attacks, but they are currently optional.

The research team published its findings in a research paper titled "Breaking LTE in Layer Two", which they plan to present at the IEEE 2019 Symposium on Security and Confidentiality to be held in May 2019 in San Francisco.

Source: https://www.bleepingcomputer.com/news/security/safety-flaws-introduced-in-lg-4g-mobile- standard-telephony /

[ad_2]
Source link