Security Flaws Disclosed in 4G LTE Mobile Telephony Standard

A team of academics has published research this week that describes three attacks against the mobile communication standard LTE (Long-Term Evolution), also known as 4G. From a report: Two of the three attacks are passive, meaning an attacker can watch LTE traffic and determine various details about the target, while the third is an active attack that lets the attacker manipulate data sent to the user's LTE device. According to researchers, the passive attacks allow an attacker to collect meta-information about the user's traffic (an identity mapping attack), while the second allows the attacker to determine what websites a user might be visiting through his LTE device (a website fingerprinting attack).

Re:Optimistic researchers

[bferrell]

> To conduct such attacks, the attacker depends on specialized hardware (so called software-defined radios) and a > customized implementation of the LTE protocol stack. ... Ya mean like LimeSDR, BladeRF, ADALM-Pluto and OpenBTS? All those radios under $500.00

Oy!

The "long term evolution" didn't last for long

[ffkom]

Is it only me or should anyone assume that a "long term evolution" spans for a longer time then between 3G and 5G?

Man In the Middle different from stingray how ?

[johnjones]

how is this any different from a stingray device ?

all credit to them but really this is a issue with LTE phones not utilising DNSSEC

so the mobile networks should have DNSSEC capable resolvers since the devices could do it (both iOS and Android), Is it not the networks that are at fault here ?