LTE vulnerabilities could allow eavesdroping
There are new vulnerabilities discovered with the 4G network used by smartphones. South Korean researchers discovered 36 new flaws using a technique called 'fuzzing'.
It turns out that our mobile networks may not be the safest. As LTE gets ready to make way for 5G, researchers have discovered several flaws in the Long-Term Evolution (LTE) standard, which could allow an attacker to intercept data traffic or spoof SMS messages.
The 4G LTE standard has vulnerabilities that could allow a hacker to intercept data that is being transferred on the networks. Although there has been plenty of research about LTE security vulnerabilities published in the past, what's different about this particular study is the scale of the flaws identified and the way in which the researchers found them.
Researchers at the Korea Advanced Institute of Science and Technology Constitution (KAIST) have discovered 51 vulnerabilities with the 4G LTE standard—this includes 15 known issues and 36 new and previously undiscovered flaws with the standard.
LTE, although commonly marketed as 4G LTE, isn’t technically 4G. LTE is widely used around the world and often marketed as 4G. LTE can be more accurately described as 3.95G.
Given the widespread use of LTE, the latest findings have massive implications and clearly show wireless networks that consumers often take for granted aren't foolproof.
In their research paper [PDF], the researchers claim to have found vulnerabilities enabling attackers to eavesdrop and access user data traffic, distribute spoofed text messages, interrupt communications between base station and phones, block calls, disconnect users from the network and also access as well as manipulate data that is being transferred. The researchers are planning to present these at the IEEE Symposium on Security and Privacy in May.
“LTEFuzz successfully identified 15 previously disclosed vulnerabilities and 36 new vulnerabilities in design and implementation among the differ- ent carriers and device vendors. The findings were categorized into five vulnerability types. We also demonstrated several attacks that can be used for denying various LTE services, sending phishing messages, and eavesdropping/manipulating data traffic. We performed root cause analysis of the identified problems by reviewing the related standard and interviewing collaborators of the carriers,” said the researchers in the report.
from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/2UiWswW
Comments
Post a Comment