Slashdot Mirror

← Back to Stories (view on slashdot.org)

A New Attack Allows Intercepting Or Blocking Of Every LTE Phone Call And Text (theregister.co.uk)

Posted by EditorDavid on from the three-way-calling dept.

All LTE networks and devices are vulnerable to a new attack demonstrated at the Ruxon security conference in Melbourne. mask.of.sanity shared this article from The Register: It exploits LTE fall-back mechanisms designed to ensure continuity of phone services in the event of emergency situations that trigger base station overloads... The attacks work through a series of messages sent between malicious base stations spun up by attackers and targeted phones. It results in attackers gaining a man-in-the-middle position from where they can listen to calls or read SMS, or force phones back to 2G GSM networks where only voice and basic data services are available...

[Researcher Wanqiao] Zhang says the attacks are possible because LTE networks allow users to be handed over to underused base stations in the event of natural disasters to ensure connectivity. "You can create a denial of service attack against cellphones by forcing phones into fake networks with no services," Zhang told the conference. "You can make malicious calls and SMS and...eavesdrop on all voice and data traffic."

3 of 80 comments (clear)

  1. Re:Thanks, *hats by AHuxley · · Score: 4, Insightful

    It depends why any telco issue exists and is fixed or not fixed.
    Greek wiretapping case 2004–05
    https://en.wikipedia.org/wiki/...–05
    SISMI-Telecom scandal
    https://en.wikipedia.org/wiki/...
    or why "Fake Mobile Phone Towers Operating In The UK"
    http://news.sky.com/story/fake...

    --
    Domestic spying is now "Benign Information Gathering"
  2. Re:Thanks, *hats by darkain · · Score: 4, Insightful

    Ya'see, I'm getting sick and tired of hearing this goddamn argument over and over again. "Just make it secure in the first place", like technical security is just a magical flip of a switch. "Oh, Yeah, I downloaded and installed the SECURE library into my app, things are PERFECT now!"

    Security is an ever evolving moving target. What is deemed secure today may very well become insecure tomorrow. This is true of both software and non-software technical systems. This is true of both open and closed source software. This research that happened is EXACTLY what we need to ensure security, having people willing to disclose vulnerabilities to the general masses, because similar exploits may exist in other implementations. The alternative is selling exploits on the black market. Which would you honestly prefer?

  3. Re:Thanks, *hats by SumDog · · Score: 3, Insightful

    Umm...are you sure? I saw this girl talk in Las Vegas a few months ago at Defcon. This isn't new. This is a known exploit.