Slashdot Mirror


New LTE Attacks Can Snoop On Messages, Track Locations, and Spoof Emergency Alerts (zdnet.com)

An anonymous reader quotes a report from ZDNet: A slew of newly discovered vulnerabilities can wreak havoc on 4G LTE network users by eavesdropping on phone calls and text messages, knocking devices offline, and even spoofing emergency alerts. Ten attacks detailed in a new paper by researchers at Purdue University and the University of Iowa expose weaknesses in three critical protocol operations of the cellular network, such as securely attaching a device to the network and maintaining a connection to receive calls and messages. Those flaws can allow authentication relay attacks that can allow an adversary to connect to a 4G LTE network by impersonating an existing user -- such as a phone number. Although authentication relay attacks aren't new, this latest research shows that they can be used to intercept messages, track a user's location, and stop a phone from connecting to the network. By using common software-defined radio devices and open source 4G LTE protocol software, anyone can build the tool to carry out attacks for as little as $1,300 to $3,900, making the cost low enough for most adversaries. The researchers aren't releasing the proof-of-concept code until the flaws are fixed, however.

28 comments

  1. Hard and Made Harder by FeelGood314 · · Score: 2

    Securely joining a network isn't easy. Doing it over a protocol that needs agreement from a large number of people is almost impossible. 3/4 of the people in the meeting will think all you need is privacy. Those who understand authentication will then insist on something that only authenticates the network or the joining phones but not both. Then you get the pushback against having any kind of centralized trust authority, so everyone signs certs and validating them becomes a waste of time (the new passport system). Even if you avoid all that, someone will try and add more and more features because, insert stupid reason, or protocol X does it (even if protocol X doesn't ever use it or protocol X is solving a completely different problem). Then you will get two features that can't be used securely at the same time and the group will vote that interoperability is more important than security. All this and more before we even get to the individual implementations.

    Security is the red-haired stepchild. Everyone pretends to care about him but he gets shafted every time.

    (Yes, I have red hair, and for some reason a lot of security protocol people seem to as well)

    1. Re:Hard and Made Harder by Pinky's Brain · · Score: 1

      Let's not forget the NSA moles who undermine the system such that they can always put up their own listening post without having to go through the trouble of a central tap or stealing keys.

    2. Re:Hard and Made Harder by HiThere · · Score: 1

      Well, there's some evidence that red haired people are more sensitive to pain, and I can see how that might make them more interested in security.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  2. Reminds me of the old GSM Encryption debacle by kriston · · Score: 1

    Reminds me of the old GSM Encryption debacle.

    This is going to be good!

    --

    Kriston

  3. Isn't it interesting... by Anonymous Coward · · Score: 0

    Apple and Samsung report the first slide in handset sales last year, and now researchers find major flaws in the protocols that will require handset upgrades for everyone because "We can't update that version of iOS/Android to the latest version" or "We don't support your handset model anymore." and without updates you won't be able to connect to LTE services anymore.

    Just sayin sometimes a cigar is a penis.

  4. Didn’t we tacitly know this already? by 93 Escort Wagon · · Score: 1

    Given that police are able to use Stingrays for monitoring and intercepting traffic, why would anyone believe the protocol was otherwise secure? ... anyone other than members of Congress, I mean.

    --
    #DeleteChrome
    1. Re:Didn’t we tacitly know this already? by Anonymous Coward · · Score: 0

      you can tell your phone not to fall back to 2G, rendering stingray in its current form useless.

    2. Re:Didn’t we tacitly know this already? by Anonymous Coward · · Score: 0

      My prepaid plan is 2G, you insensitive clod.

    3. Re:Didn’t we tacitly know this already? by Anonymous Coward · · Score: 0

      The Stingray cost over 100 grand. These methods don't. That's the real issue here.

    4. Re:Didn’t we tacitly know this already? by kelemvor4 · · Score: 1

      My prepaid plan is 2G, you insensitive clod.

      Get a better prepaid plan.

    5. Re: Didn’t we tacitly know this already? by guruevi · · Score: 2

      The Stingray only costs $100k because it is sold to governments. It really is a $50 SDN.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    6. Re: Didn’t we tacitly know this already? by Anonymous Coward · · Score: 0

      Yes this is not new. These features were mentioned in the old IMSI catcher presentation that led to Stingrays being a thing.

    7. Re: Didn’t we tacitly know this already? by Anonymous Coward · · Score: 0

      You still have 2G networks?

  5. IMSI catcher 2.0? by Anonymous Coward · · Score: 0

    More like 4.0 but you get the point. Something about this smells, like it was intentional.

    1. Re: IMSI catcher 2.0? by Gonoff · · Score: 1

      More like 4.0 but you get the point. Something about this smells, like it was intentional.

      And intentional towards only a very small % of phone users. At least GSM is not the "red haired stepchild" of the telcos.

      If you want to see who/where did it, you only need to check about 5 countries - or do you want to blame Russia?

      --
      I'll see your Constitution and raise you a Queen.
  6. 3G Forever by Anonymous Coward · · Score: 0

    You guys keep making fun of me for sticking with 3G CDMA... that shit is rock solid.... and doesn't drain my battery in an hour.

    1. Re:3G Forever by Anonymous Coward · · Score: 0

      I use 3G GSM on my phone because T-Mobile has shit LTE bandwidth. 3G is actually faster for me.

    2. Re: 3G Forever by maitai · · Score: 1

      Actually, when I visit tourist spots I turn off LTE because it is in fact faster to use 3G which everyone else isn't using.

  7. Release the method by Anonymous Coward · · Score: 0

    after a given date, so companies are forced to fix the flaws. You have to ask yourself if they were put there on purpose to begin with,

  8. BALLISTIC MISSILE THREAT INBOUND TO YOUR LOCATION by Anonymous Coward · · Score: 0

    SEEK IMMEDIATE SHELTER

  9. Re:Hard and Made Harder BeauHD Boners by Anonymous Coward · · Score: 0

    BeauHD's scorecard isn't that great... He should try something else for a change.

  10. Nice try by ChunderDownunder · · Score: 1

    But I'm still on a 3G smartphone.

    Being thrifty with an obsolete handset has its merits!

    1. Re:Nice try by Anonymous Coward · · Score: 0

      It's like saying you're glad you haven't upgraded from Herpes to Chlamydia. You lose either way

    2. Re:Nice try by Anonymous Coward · · Score: 0

      Wow. You still have 3G towers? Lucky. They decided to take out most of them around here, but not replace them with powerful enough 4G/LTE towers to get decent signal. Though I think I might die at 3G speeds.

  11. The trouble with software defined anything... by Anonymous Coward · · Score: 0

    ...is that the software is full of bugs. If you thought 3g was insecure, and LTE is beginning to show its flaws, just wait till 5g.

    And that is without worrying about deliberate back doors and the like...

  12. 5G by Anonymous Coward · · Score: 0

    Now that 5G is a thing that is being sold we will now hear about all of the 4G vulnerabilities. There never was a standard so there are likely many, but if you get a 5G phone it won't have THOSE...

    1. Re:5G by Anonymous Coward · · Score: 0

      of course. because, why would you disclose the vulnerabilities when it is still being used by those 3-letter-agencies. Just disclose the vulnerabilities of old tech once there's a newer product with bigger hole built-in.

  13. Same old by Anonymous Coward · · Score: 0

    Pre-authentication identification or DoS attacks.
    You can do much of the same with a $50 jammer.
    Nothing new, please move on.