Yesterday a team of academics published a report on research describing
three attacks against the mobile communication standard LTE (Long Term
Evolution), also known as the 4G network.
According to the researchers, two of the three attacks are 'passive',
meaning they allow an attacker to gather meta-information about the user's
activity and also to determine which sites a user visits through his LTE
device. The third is an active attack, one that lets the attacker manipulate
data sent to the user's LTE device.
The researchers nicknamed the active attack aLTEr because of its intrusive
capabilities, which they used in their experiments to redirect users to
malicious sites by altering DNS packets.
The researchers said, however, that regular users have nothing to fear for
now, as carrying out any of the three attacks requires highly specialized and
costly hardware, along with custom software, which for the most part puts this
kind of attack out of the reach of most cyber criminals.
"We conducted the attacks in an experimental
setup in our lab that depends on special hardware and a controlled
environment," researchers said. "These requirements are, at the
moment, hard to meet in real LTE networks. However, with some engineering
effort, our attacks can also be performed in the wild."
The equipment needed to pull off such attacks is fundamentally the same as
so-called "IMSI catchers" or "Stingray" devices, equipment used by law
enforcement around the globe to trick a target's phone into connecting to a
fake cell tower.
The difference between an aLTEr attack and a classic IMSI catcher is that
IMSI catchers perform a 'passive' MitM attack to determine the target's
geo-location, while aLTEr can actually alter what the user sees on his/her
device.
As for the technical details of the three attacks, the three vulnerabilities
exist in one of the two LTE layers, the data layer, which transports the
user's actual data. The other layer is the control layer, which controls the
user's 4G connection and keeps it running.
According to the researchers, the vulnerabilities exist because the data
layer isn't secured, so an attacker can intercept packets, modify them, and
then relay the altered packets to the actual cell tower.
The research team, made up of three researchers from the Ruhr-University in
Bochum, Germany and a specialist from New York University, says it has warned
the relevant institutions, such as the GSM Association (GSMA) and the 3rd
Generation Partnership Project (3GPP), as well as the telephone companies,
about the issues it found.
They also cautioned that the issue could affect the upcoming version of the
5G standard in its present form. Experts said that the 5G standard includes
additional security features to prevent aLTEr attacks; however, these are
currently optional.
The research team has published its findings in a research paper entitled
"Breaking LTE on Layer Two," which they intend to present at the 2019 IEEE
Symposium on Security and Privacy, to be held in May 2019 in San Francisco.
Below is a link to a demo of an aLTEr attack recorded by the researchers.