With 5G Looming, vulnerabilities of 4G LTE begin to be exposed



[ad_1]

Cybersecurity researchers are beginning to publicly expose a number of vulnerabilities in the Long Term Evolution standard, a 4G specification that is currently the most widely used technology for mobile communications in the world and is generally considered highly secure. A new research paper released last week describes a number of these problems that allow attackers to spy on users and reroute their devices with the help of specialized equipment. The consortium of the GSM Association does not consider that the newly reported issues are critical in nature because of the complicated configuration they need and does not believe that they have ever been used to target devices in the past.

Attacks must be made within a one mile radius of the target. Rightly called "aLTEr", this technique exploits the fundamental design of the LTE specification and therefore can not be adequately corrected. Due to the lack of suspicious encryption protocols for data authentication, exploiting this vulnerability can allow hackers to infect encrypted packets and manipulate IP addresses that are not available. they send to users even without fully discovering the content. With the help of a malicious domain name server, attackers can redirect unsuspecting users to phishing websites or other destinations used to steal their information, infect their devices or spy on them

. mapping techniques that can be exploited to obtain sensitive information exchanged by cellular devices and base stations, according to the same report written by an international team of security researchers. Users can eliminate the risk of being compromised by aLTEr by visiting only websites that use DNS security extensions and Strict Transport Security HTTP protocol. The GSM Association was already aware of the vulnerabilities before they were published, the consortium said in a statement. The Release 5 5G standard can address weaknesses through user plan integrity protection, but the latest version of the standard defines this solution as an optional addition to any wireless implementation, while researchers behind the last report now invite 3GPP to the system is mandatory and avoids transgenerational vulnerabilities.

[ad_2]
Source link