Flaws In The LTE Protocol Can Lead To Epic Pwnage

Researchers at at the University of Iowa and Purdue University have uncovered 10 different attack vectors that exploit flaws in three critical protocol operations of the LTE mobile network that we humans have come to depend upon to keep us connected to Facebook and Instagram.

All the attacks fall under one bucket which is called the authentication relay attack. These attacks allow hackers to connect to an LTE network without credentials, as well as to masquerade as a target’s device. Plus they can eavesdrop on phone calls and text messages, knock devices offline, and even spoof emergency alerts. In other words they can do some bad stuff and get away without getting caught. Here’s what researcher Syed Rafiul Hussain told ZDNet:

Among the 10 newly detected attacks, we have verified eight of them in a real testbed with SIM cards from four major US carriers.

And:

The root cause of most of these attacks are the lacks of proper authentication, encryption, and replay protection in the important protocol messages.

This sounds similar to something that I wrote about that centered around Canadian carriers getting a failing grade when it came to security last year. Now one of the US carriers named has already implemented a fix. But I wonder if those carriers in Canada who didn’t measure up when it came to protecting their customers from stuff like this have done so. Never mind the other US carriers or carriers elsewhere. It would be really reassuring if they call came out and spoke to this so that we didn’t have to assume that they weren’t taking the security of their networks seriously.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: