New LTE Attacks Can Snoop On Messages, Track Locations, and Spoof Emergency Alerts

An anonymous reader quotes a report from ZDNet: A slew of newly discovered vulnerabilities can wreak havoc on 4G LTE network users by eavesdropping on phone calls and text messages, knocking devices offline, and even spoofing emergency alerts. Ten attacks detailed in a new paper by researchers at Purdue University and the University of Iowa expose weaknesses in three critical protocol operations of the cellular network, such as securely attaching a device to the network and maintaining a connection to receive calls and messages. Those flaws can allow authentication relay attacks that can allow an adversary to connect to a 4G LTE network by impersonating an existing user -- such as a phone number. Although authentication relay attacks aren't new, this latest research shows that they can be used to intercept message, track a user's location, and stop a phone from connecting to the network. By using common software-defined radio devices and open source 4G LTE protocol software, anyone can build the tool to carry out attacks for as little as $1,300 to $3,900, making the cost low enough for most adversaries. The researchers aren't releasing the proof-of-concept code until the flaws are fixed, however.

Hard and Made Harder

[FeelGood314]

Securely joining a network isn't easy. Doing it over a protocol that needs agreement from a large number of people is almost impossible. 3/4 of the people in the meeting will think all you need is privacy. Those who understand authentication will then insist on something that only authenticates the network or the joining phones but not both. Then you get the push back against having any kind of centralized trust authority, so every one signs certs and validating them becomes a waste of time (the new passport system). Even if you avoid all that, someone will try and add more and more features because, insert stupid reason, or protocol X does it (Even if protocol X doesn't ever use it or protocol X is solving a completely different problem). Then you will get two features that can't be used securely at the same time and the group will vote that interoperability is more important than security. All this and more before we even get to the individual implementations.

Security is the red haired step child. Everyone pretends to care about him but he gets shafted every time.

(Yes, I have red hair, and for some reason a lot of security protocol people seem to as well)

Re: Didn’t we tacitly know this already?

[guruevi]

The Stingray only costs $100k because it is sold to governments. It really is a $50 SDN.