LTE wireless connections used by billions aren’t as secure as we thought
- by 7wData
The Long Term Evolution mobile device standard used by billions of people was designed to fix many of the security shortcomings in the predecessor standard known as Global System for Mobile communications. Mutual authentication between end users and base stations and the use of proven encryption schemes were two of the major overhauls. Now, researchers are publicly identifying weaknesses in LTE that allow attackers to send nearby users to malicious websites and fingerprint the sites they visit.
The attacks work because of weaknesses built into the LTE standard itself. The most crucial weakness is a form of encryption that doesn’t protect the integrity of the data. The lack of data authentication makes it possible for an attacker to surreptitiously manipulate the IP addresses within an encrypted packet. Dubbed aLTEr, the researchers’ attack causes mobile devices to use a malicious domain name system server that, in turn, redirects the user to a malicious server masquerading as Hotmail. The other two weaknesses involve the way LTE maps users across a cellular network and leaks sensitive information about the data passing between base stations and end users.
The attacks, which are described in a paper published Thursday, require about $4,000 worth of equipment that must be within about one mile of the targeted user. Because the weaknesses are the result of design decisions made when the LTE specification was under development, there is no way to patch them now. End users, however, can protect themselves against aLTEr by only visiting websites that use HTTP Strict Transport Security and DNS Security Extensions.
In an email, researchers Thorsten Holz and David Rupprecht of the Ruhr-Universität Bochum wrote:
The two significant contributions are that we show that LTE suffers from several attack vectors and demonstrate that LTE is vulnerable in practice. Most importantly, the aLTEr attack enables an adversary to redirect network connections and thus perform several kinds of attacks. Note that the underlying attack vectors are well-known and such attacks were demonstrated in other kinds of protocols in the past. We are the first to demonstrate that LTE, despite a lot of security improvements compared to GSM, also suffers from such attacks. We hope that our research will influence the security-related decisions in 5G such that future mobile communication protocols are not vulnerable to such attacks. Note that an attacker that wants to perform our attacks still needs to be in the proximity of the victim and she required special equipment (although this is easily available for an attacker). We think that, in particular, people that are of special interest (politician, journalists, ambassadors, upper management, …) should care about such attacks (see for example the attacks against politicians uncovered via the Snowden leaks). The main consequences of our attacks are that an attacker can use them to redirect network traffic, determine the visited website, or use this attack as a stepping stone for further attacks.
[Social9_Share class=”s9-widget-wrapper”]
Upcoming Events
Shift Difficult Problems Left with Graph Analysis on Streaming Data
29 April 2024
12 PM ET – 1 PM ET
Read MoreCategories
You Might Be Interested In
Why AI Will Shift Decision-Making From the C-Suite to the Frontline
12 Aug, 2018AI technologies can provide managers and employees with accurate data and predictions at their fingertips to support and enable the …
Most Industries Are Nowhere Close to Realizing the Potential of Analytics
21 Dec, 2016Back in 2011, the McKinsey Global Institute published a report on the transformational potential of big data—and it would take …
HR Must Make People Analytics More User-Friendly
19 Jun, 2017Managing HR-related data is critical to any organization’s success. And yet, progress in HR analytics has been glacially slow. To …
Recent Jobs
Do You Want to Share Your Story?
Bring your insights on Data, Visualization, Innovation or Business Agility to our community. Let them learn from your experience.