Security Flaws Disclosed in 4G LTE Mobile Telephony Standard (bleepingcomputer.com)
A team of academics has published research this week that describes three attacks against the mobile communication standard LTE (Long-Term Evolution), also known as 4G. From a report: Two of the three attacks are passive, meaning an attacker can watch LTE traffic and determine various details about the target, while the third is an active attack that lets the attacker manipulate data sent to the user's LTE device. According to researchers, the passive attacks allow an attacker to collect meta-information about the user's traffic (an identity mapping attack), while the second allows the attacker to determine what websites a user might be visiting through his LTE device (a website fingerprinting attack).
A combination of multiple "vulnerabilities" (Score:1)
1. the data link layer is not protected, so an attacker can perform a relay attack (forward the encrypted radio packets between the phone and the actual cell tower).
2. from watching the encrypted traffic patterns, it is possible to guess which websites the user is surfing by comparing the traffic fingerprints.
3. the packets are not integrity-protected, so it's possible to change bits of data, if you can guess which packet you have and how it's constructed. This is used to manipulate DNS requests to redirec
You know (Score:2)
Risk is one thing, nothing being "safe" is another.
I guess I'll have to go back to a rotary landline and a TTY or a vt100. /s?
Re: (Score:2)
Then the ex and former security services have a way in for a price.
Federal police then help state task forces with "tech".
State and city police then find the rent for their own police to get in.
Then it's down to the cost of a private detective and the national media.
Optimistic researchers (Score:2)
The researchers state:
To conduct such attacks, the attacker depends on specialized hardware (so called software-defined radios) and a customized implementation of the LTE protocol stack. In addition, a controlled environment helps to be successful within an acceptable amount of time. In particular, the use of a shielding box helps to maintain a stable and noise-free connection to the attack setup. Especially the latter cannot be maintained in a real-world situation and more engineering effort is required for real-world attacks.
The same was said for attacks on 2G. Today attacks on 2G are routinely used by quite poor criminal gangs in third world countries. The state of 3G is a bit murky, but most phones happily downgrade to 2G if you ask them to.
The poor security of 2G is still costing lives on a regular basis. It is depressing that 4G isn't the leap forward we could hope for.
Re: (Score:3)
> To conduct such attacks, the attacker depends on specialized hardware (so called software-defined radios) and a customized implementation of the LTE protocol stack. ...

Ya mean like LimeSDR, BladeRF, ADALM-Pluto and OpenBTS? All those radios under $500.00
Oy!
The "long term evolution" didn't last for long (Score:3)
Man In the Middle different from stingray how? (Score:3)
How is this any different from a stingray device?
All credit to them, but really this is an issue with LTE phones not utilising DNSSEC.
So the mobile networks should have DNSSEC-capable resolvers, since the devices could do it (both iOS and Android). Is it not the networks that are at fault here?
Re: (Score:2)
Known-plain-text attacks tend to be impractical against any modern secured encryption scheme. If it's important, it would be on an encrypted website. Then you can literally sniff every packet, and know the entire plain-text and it won't help you decrypt the rest of the session at all.