As of yesterday a team of academics published a report on a research conducted that described three attacks against the mobile communication standard LTE (Long Term Evolution), otherwise called the 4G network.
As indicated by the researchers, two of the three attacks are ‘passive’, which means that they allow an attacker to gather meta-information about the user’s activity and in addition to this also enable the attacker to determine what sites a user may visit through his LTE device. Then again the third is a functioning attack or an active attack in other words, that gives the attacker a chance to manipulate data sent to the user’s LTE gadget.
Researchers nicknamed the active attack aLTEr in view of its intrusive capacities, which they utilized as a part of their experiments to re-direct users to malevolent sites by altering the DNS packets.
In any case, the researchers said that the regular users have nothing to fear, until further notice as carrying out any of the three attacks requires extremely unique and costly hardware, alongside custom programming, which for the most part puts this kind of attack out of the reach of most cyber criminals.
“We conducted the attacks in an experimental setup in our lab that depends on special hardware and a controlled environment,” researchers said. “These requirements are, at the moment, hard to meet in real LTE networks. However, with some engineering effort, our attacks can also be performed in the wild.”
The equipment expected to pull off such attacks is fundamentally the same as purported “IMSI catchers” or “Stingray” gadgets, equipment utilized by law enforcement around the globe to trap a target’s phone into interfacing with a fake telecommunication tower.
The contrast between an aLTEr attack and a classic IMSI catcher is that the IMSI catchers perform ‘passive’ MitM attack to decide the target’s geo-area, while aLTEr can actually alter what the user views on his/her device.
With respect to the technical details of the three attacks, the three vulnerabilities exist in one of the two LTE layers called the data layer, the one that is known for transporting the user’s real information. The other layer is the control layer as that is the one that controls and keeps the user’s 4G connection running.
As indicated by researchers, the vulnerabilities exist on the grounds that the data layer isn’t secured, so an attacker can capture, change, and after that transfer the altered packets to the actual cell tower.
The research team, made up of three researchers from the Ruhr-University in Bochum, Germany and a specialist from New York University, say they have warned the relevant institutions like the GSM Association (GSMA), 3rd Generation Partnership Project (3GPP), as well as the telephone companies about the issues they had found.
Cautioning that the issue could likewise influence the up and coming version of the 5G standard in its present form. Experts said that the 5G standard incorporates extra security features to forestall aLTEr attacks; however these are as of now discretionary.
The research team has although, published its discoveries in a research paper entitled “Breaking LTE on Layer Two,” which they intend to display at the 2019 IEEE Symposium on Security and Privacy , to be held in May 2019 in San Francisco.
Below is a link of a demo of an aLTEr attack recorded by researchers.