Slashdot Mirror


Security Flaws Disclosed in 4G LTE Mobile Telephony Standard (bleepingcomputer.com)

A team of academics has published research this week that describes three attacks against the mobile communication standard LTE (Long-Term Evolution), also known as 4G. From a report: Two of the three attacks are passive, meaning an attacker can watch LTE traffic and determine various details about the target, while the third is an active attack that lets the attacker manipulate data sent to the user's LTE device. According to researchers, the passive attacks allow an attacker to collect meta-information about the user's traffic (an identity mapping attack), while the second allows the attacker to determine what websites a user might be visiting through his LTE device (a website fingerprinting attack).

15 comments

  1. A combination of multiple "vulnerabilities" by Anonymous Coward · · Score: 1

    1. the data link layer is not protected, so an attacker can perform a relay attack (forward the encrypted radio packets between the phone and the actual cell tower).

    2. from watching the encrypted traffic patterns, it is possible to guess which websites the user is surfing by comparing the traffic fingerprints.

    3. the packets are not integrity-protected, so it's possible to change bits of data, if you can guess which packet you have and how it's constructed. This is used to manipulate DNS requests to redirect traffic.

    I'm not sure about the significance of #1 and #2. A passive attacker might be able to obtain the same information simply by monitoring the physical layer traffic patterns emitted by the phone. Additionally, msmash doesn't like black people and are typically monitoring their frequencies for abuse, so an active attack might not stay under the radar for long.

    Regarding #3, this is a complicated way to achieve what you can do with a fake WiFi hotspot, and gives you control over unencrypted communications, which hopefully is only a very small subset of today's traffic thanks to omnipresent HTTPS.
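    Point 3 above (packets that are encrypted but not integrity-protected), as an added example that is not code from the thread or from the researchers: the keystream is a constructed SHA-256 counter-mode stand-in for the real cipher, and the key, counter and packet layout are made up. The unprotected path shows why knowing the field layout is enough to change a name without the key; the same packet with an integrity tag is rejected.

```python
import hashlib
import hmac

# Constructed demo key; a real network derives per-session keys from the SIM credentials.
KEY = b"\x00" * 16
COUNT = 7  # per-packet counter, as in any counter-mode scheme

def keystream(key: bytes, count: int, length: int) -> bytes:
    """Stand-in counter-mode keystream: SHA-256(key || count || block) blocks."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + count.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def ctr_xor(key: bytes, count: int, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse)."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, count, len(data))))

def flip_bits(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Keyless modification: XOR in (known ^ wanted) so the plaintext changes at 'offset'."""
    out = bytearray(ciphertext)
    for i, (a, b) in enumerate(zip(known, wanted)):
        out[offset + i] ^= a ^ b
    return bytes(out)

def mac_tag(key: bytes, count: int, ciphertext: bytes) -> bytes:
    """Integrity tag over counter and ciphertext (encrypt-then-MAC)."""
    return hmac.new(key, count.to_bytes(4, "big") + ciphertext, hashlib.sha256).digest()

def receive(key: bytes, count: int, ciphertext: bytes, tag: bytes):
    """Receiver with integrity protection: reject anything whose tag does not verify."""
    if not hmac.compare_digest(mac_tag(key, count, ciphertext), tag):
        return None
    return ctr_xor(key, count, ciphertext)

def demo():
    # Constructed packet: the modifier knows the field layout, not the key.
    packet = b"QNAME=www.bank.example"
    offset = packet.index(b"bank")
    ct = ctr_xor(KEY, COUNT, packet)
    tag = mac_tag(KEY, COUNT, ct)
    tampered = flip_bits(ct, offset, b"bank", b"fake")
    # Without integrity protection the receiver happily decrypts the altered name.
    unprotected = ctr_xor(KEY, COUNT, tampered)
    # With an integrity tag the same modification is rejected (None).
    protected = receive(KEY, COUNT, tampered, tag)
    return unprotected, protected
```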

  2. Encrypt by Anonymous Coward · · Score: 0

    I use Freedome VPN on iOS and Macs. And Wickr.

  3. You know by bobstreo · · Score: 1

    Risk is one thing; nothing being "safe" is another.

    I guess I'll have to go back to a rotary landline and a TTY or a vt100. /s?

  4. Tech News -- Always Enlightening and Frightening by Anonymous Coward · · Score: 0

    Does anybody stop to think about how anyone using any kind of technology created by man's imperfect human mind, whether it be firmware, hardware or software running on any globally connected device can all be hacked given enough time by most bored tech savants and the most highly trained brains working for DODs, LEAs and bad actors across the globe in order to blackmail us when it's convenient, manipulate our decision making, profile us with alarming PRISM-like metadata collection, and live-spy on our hackable homing beacons we carry daily on our person, all in the name of national security, ensuring we mostly stay the docile, heard-able, consumerist sheep they want us to be? Wearing a tinfoil hat doesn't seem mental anymore.

  5. Optimistic researchers by amorsen · · Score: 1

    The researchers state:

    To conduct such attacks, the attacker depends on specialized hardware (so called software-defined radios) and a customized implementation of the LTE protocol stack. In addition, a controlled environment helps to be successful within an acceptable amount of time. In particular, the use of a shielding box helps to maintain a stable and noise-free connection to the attack setup. Especially the latter cannot be maintained in a real-world situation and more engineering effort is required for real-world attacks.

    The same was said for attacks on 2G. Today attacks on 2G are routinely used by quite poor criminal gangs in third world countries. The state of 3G is a bit murky, but most phones happily downgrade to 2G if you ask them to.

    The poor security of 2G is still costing lives on a regular basis. It is depressing that 4G isn't the leap forward we could hope for.

    --
    Finally! A year of moderation! Ready for 2019?

    1. Re:Optimistic researchers by Anonymous Coward · · Score: 0

      2G costing lives? I want to have some of what you are smoking... On second thought... No, you keep it. Your dealer is giving you the low quality shit.

    2. Re:Optimistic researchers by l0ungeb0y · · Score: 1

      Have you tried doing Facebook Live Streams or watching Netflix on 2G? It's utterly barbaric. I don't think anyone could live like that.

    3. Re:Optimistic researchers by bferrell · · Score: 2

      > To conduct such attacks, the attacker depends on specialized hardware (so called software-defined radios) and a customized implementation of the LTE protocol stack. ...

      Ya mean like LimeSDR, BladeRF, ADALM-Pluto and OpenBTS? All those radios under $500.00

      Oy!

    4. Re:Optimistic researchers by TeknoHog · · Score: 1

      It's barbaric only because of how live streaming works. If a billion people want to watch the same program at the same time, the old-fashioned TV networks were great because they don't care about the number of receivers. But in today's internets, we send a separate copy for each fscking viewer and multiply the capacity requirements accordingly.

      --
      Escher was the first MC and Giger invented the HR department.

  6. The "long term evolution" didn't last for long by ffkom · · Score: 2

    Is it only me, or should anyone assume that a "long term evolution" spans a longer time than between 3G and 5G?

  7. Man In the Middle different from stingray how ? by johnjones · · Score: 2

    How is this any different from a Stingray device?

    All credit to them, but really this is an issue with LTE phones not utilising DNSSEC.

    So the mobile networks should have DNSSEC capable resolvers, since the devices could do it (both iOS and Android). Is it not the networks that are at fault here?

    1. Re:Man In the Middle different from stingray how ? by AHuxley · · Score: 1

      Stingray has a GUI for voice prints.

      --
      Domestic spying is now "Benign Information Gathering"

  8. This goes further than some might think by Anonymous Coward · · Score: 0

    Because if you know the exact page on the website being visited, you also know what is being encrypted and what the result is.

    1. Re:This goes further than some might think by ledow · · Score: 1

      Known-plaintext attacks tend to be impractical against any modern secured encryption scheme. If it's important, it would be on an encrypted website. Then you can literally sniff every packet, and know the entire plaintext, and it won't help you decrypt the rest of the session at all.

  9. Re:Tech News -- Always Enlightening and Frightening by AHuxley · · Score: 1

    AC the security services always want a real time way in before a standard is set and in the wild.
    Then the ex and former security services have a way in for a price.
    Federal police then help state task forces with "tech".
    State and city police then find the rent for their own police to get in.
    Then it's down to the cost of a private detective and the national media.

    --
    Domestic spying is now "Benign Information Gathering"