A New Attack Allows Intercepting Or Blocking Of Every LTE Phone Call And Text (theregister.co.uk)
All LTE networks and devices are vulnerable to a new attack demonstrated at the Ruxcon security conference in Melbourne. mask.of.sanity shared this article from The Register:
It exploits LTE fall-back mechanisms designed to ensure continuity of phone services in the event of emergency situations that trigger base station overloads... The attacks work through a series of messages sent between malicious base stations spun up by attackers and targeted phones. It results in attackers gaining a man-in-the-middle position from where they can listen to calls or read SMS, or force phones back to 2G GSM networks where only voice and basic data services are available...
[Researcher Wanqiao] Zhang says the attacks are possible because LTE networks allow users to be handed over to underused base stations in the event of natural disasters to ensure connectivity. "You can create a denial of service attack against cellphones by forcing phones into fake networks with no services," Zhang told the conference. "You can make malicious calls and SMS and...eavesdrop on all voice and data traffic."
No industry reach-out and responsible disclosure after the time needed for them to contemplate and execute a change across a 100K+-node base station network?
This is why we can't have nice things.
I disagree. If people would make their shit secure in the first place, it wouldn't be a problem.
Maybe if we had more exposure of 0-day flaws and associated attacks, people would work a little harder to creating flaws to begin with.
It depends why any telco issue exists and is fixed or not fixed.
Greek wiretapping case 2004–05
https://en.wikipedia.org/wiki/...–05
SISMI-Telecom scandal
https://en.wikipedia.org/wiki/...
or why "Fake Mobile Phone Towers Operating In The UK"
http://news.sky.com/story/fake...
Domestic spying is now "Benign Information Gathering"
Just because it's possible, doesn't mean it can be done.
This attack breaks multiple laws, and regulations.
As noted in another post. The equipment to do this is expensive.
It's not a targeted attack. There's no way to pin an individual, they might just get lucky and get through on the real cell.
Just alarmist ranting, for now.
So T-Mobile customers shouldn't notice any interruption in service.
This is why using Signal is critically important.
Isn't this pretty much what a Stingray does? Or does Stingray use weaknesses deliberately built into the networks?
Ya'see, I'm getting sick and tired of hearing this goddamn argument over and over again. "Just make it secure in the first place", like technical security is just a magical flip of a switch. "Oh, Yeah, I downloaded and installed the SECURE library into my app, things are PERFECT now!"
Security is an ever evolving moving target. What is deemed secure today may very well become insecure tomorrow. This is true of both software and non-software technical systems. This is true of both open and closed source software. This research that happened is EXACTLY what we need to ensure security, having people willing to disclose vulnerabilities to the general masses, because similar exploits may exist in other implementations. The alternative is selling exploits on the black market. Which would you honestly prefer?
Umm...are you sure? I saw this girl talk in Las Vegas a few months ago at Defcon. This isn't new. This is a known exploit.
Some software can be proven secure. Look at seL4. It's just that software engineers take shortcuts. If you design an aircraft wing you have to prove that it can take the load with math and physics. When we write software we assume it's good enough because we "tested it thoroughly". I guess it's time to start treating software engineering like real engineering. Hold them accountable and teach them how to prove things secure before they are allowed to use technology. I feel like most software engineers are simply stumbling around in the dark when it comes to security.
If only it were that easy. So much of security is a case of people abusing behavior of a complex system. It's difficult to imagine how some of these complex interactions might be exploited ahead of time.
This is a case where for the most part the system is working as designed. A high amount of traffic is detected so the system pushes the devices to fall back on legacy resources so the system of call handling overall can continue to function. It just so happens the high traffic isn't a bunch of devices all wanting voice and data at once but basically a DOS attack. There isn't much you can do about DOS attacks on over-the-air media. If someone wants to jam a signal they can. This is basically that but they happen to be doing some protocol participation as well.
Availability is part of security, should the system just fall over under high load instead? Would that be 'more secure' in your estimation or less?
Honestly what should probably happen is the handset should ask.. "LTE fallback requested, voice and data privacy not assured, do you wish to proceed?" Now you are back to a human problem where they have to make a judgement call. They also have to be savvy about the situation, and ask themselves is this likely happening because of some congestion event or is this an attempt to MITM me?
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
It's worse than this. LTE downgrade attacks have been known about for many years. The lack of mitigation against such attacks is also the reason stingrays work so well. If devices could authenticate the basestation and prevent downgrades to weak encryption schemes like was suggested in ... I think I heard about this personally 3 years ago the first time... then neither stingrays nor this current attack would be an issue.
Well, for a lot of uses, slap-dash is "good enough". I don't really need my $30/month prepay service that I use to get phone calls from my wife telling me to pick up laundry detergent to be bulletproof - it just needs to work well enough that I get by another month without getting too pissed off. If they went all space shuttle control software on my phone and the network, it probably would all drift outside of my price range. I suspect for high-security applications, there are already bolt-on solutions that let you securely communicate with your basement email server.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.