Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Communications Security

Security Flaws Disclosed in 4G LTE Mobile Telephony Standard (bleepingcomputer.com) 15

A team of academics has published research this week that describes three attacks against the mobile communication standard LTE (Long-Term Evolution), also known as 4G. From a report: Two of the three attacks are passive, meaning an attacker can watch LTE traffic and determine various details about the target, while the third is an active attack that lets the attacker manipulate data sent to the user's LTE device. According to researchers, the passive attacks allow an attacker to collect meta-information about the user's traffic (an identity mapping attack), while the second allows the attacker to determine what websites a user might be visiting through his LTE device (a website fingerprinting attack).
This discussion has been archived. No new comments can be posted.

Security Flaws Disclosed in 4G LTE Mobile Telephony Standard

Comments Filter:
  • :1. the data link layer is not protected, so an attacker can perform a relay attack (forward the encrypted radio packets between the phone and the actual cell tower).

    2. from watching the encrypted traffic patterns, it is possible to guess which websites the user is surfing by comparing the traffic fingerprints.

    3. the packets are not integrity-protected, so it's possible to change bits of data, if you can guess which packet you have and how it's constructed. This is used to manipulate DNS requests to redirec

  • Risk is one thing nothing being "safe" is another.

    I guess I'll have to go back to a rotary landline and a TTY or a vt100. /s?

  • The researchers state:

    To conduct such attacks, the attacker depends on specialized hardware (so called software-defined radios) and a customized implementation of the LTE protocol stack. In addition, a controlled environment helps to be successful within an acceptable amount of time. In particular, the use of a shielding box helps to maintain a stable and noise-free connection to the attack setup. Especially the latter cannot be maintained in a real-world situation and more engineering effort is required for real-world attacks.

    The same was said for attacks on 2G. Today attacks on 2G are routinely used by quite poor criminal gangs in third world countries. The state of 3G is a bit murky, but most phones happily downgrade to 2G if you ask them to.

    The poor security of 2G is still costing lives on a regular basis. It is depressing that 4G isn't the leap forward we could hope for.

    • > To conduct such attacks, the attacker depends on specialized hardware (so called software-defined radios) and a > customized implementation of the LTE protocol stack. ... Ya mean like LimeSDR, BladeRF, ADALM-Pluto and OpenBTS? All those radios under $500.00

      Oy!

  • by ffkom ( 3519199 ) on Friday June 29, 2018 @04:28PM (#56868052)
    Is it only me or should anyone assume that a "long term evolution" spans for a longer time then between 3G and 5G?
  • how is this any different from a stingray device ?

    all credit to them but really this is a issue with LTE phones not utilising DNSSEC

    so the mobile networks should have DNSSEC capable resolvers since the devices could do it (both iOS and Android), Is it not the networks that are at fault here ?

Keep up the good work! But please don't ask me to help.

Working...