[ad_1]
We had already talked about problems related to the security of the 4G network. However, these days, a team of cybersecurity experts has badyzed the protocol in depth and found new ways to falsify.
This is 2 pbadive attacks and 1 active attacks acting at the data connection level. The first two, allow to make the identity mapping and the meta-information survey on the radio channel (website footprint).
The most dangerous attack is the most active, called aLTEr . Thanks to this, an attacker could execute an attack MITM (Man In The Middle) against a user, redirecting network connections via DNS spoofing . This occurs because of a flaw inherent in the LTE standard
The above attacks affect the way the LTE connection is encrypted, ie encryption AES-CTR which, in itself, is not fully protected. This allows cyber criminals to perform this type of attack.
The user has no way of defending himself except to view only sites that use HSTS (HTTP Strict Transport Security), different from the HTTPS protocol (secure HTTP) . It is up to the Internet Service Providers (ISPs) and then to the telephone operators to use authentication protocols of the type AES-GCM or ChaChat20-Poly1305 . As the researchers pointed out, however, the change would involve a high financial and organizational effort. Therefore, most managers might decide not to correct the vulnerability since it is not mandatory
It follows that even the 5G could be potentially uncertain . As authenticated encryption is an optional feature, many ISPs may decide not to adopt it in the new 5G networks that they build.
It will therefore be up to the users to evaluate which operators are the safest in time. In the meantime, to learn more about this topic, it is advisable to read the official statement of researchers
Source link
