The 4G LTE (Long Term Evolution) protocol, the most widely used mobile network standard now, is endangered with vulnerabilities – discovered by few Information Security researchers.
They discovered severe vulnerabilities in 4G LTE protocol that could be exploited and used for various cyber malpractices like :
- phone call spying
- text messages spying
- fake emergency alerts
- track the device location or spoof the location
The researchers behind this discovery belong to Purdue University and the University of Iowa which released a research paper that explains 10 new cyber attacks against the 4G LTE wireless data communications technology.
The key three protocol procedures which is diseased with weakness are:
- Attach: in this procedure the device of a user is associated with the network (the first connection that is made when we turn it on).
- Detach: the opposite process, where the user switches off the device and disconnects from the network, or the network disconnects the device (for example, due to not being able to validate it or running out of coverage)
- Paging: part of the procedure for making a call and looking for the device in the network to acquire system information or to contact it in case of emergency.
With LTEInspector, a systematic model-based adversarial testing approach, tested eight of the ten attacks.
- Authentication Synchronization Failure Attack
- Traceability Attack
- Numb Attack
- Authentication Relay Attack
- Detach/Downgrade Attack
- Paging Channel Hijacking Attack
- Stealthy Kicking-off Attack
- Panic Attack
- Energy Depletion Attack
- Linkability Attack
Among the ten, researchers declare ‘authentication relay attack’ to be the most dangerous and the most worrying. It is so because, it lets an attacker connect to a 4G LTE network by impersonating a victim’s phone number without any legitimate credentials.
“Through this attack the adversary can poison the location of the victim device in the core networks, thus allowing setting up a false alibi or planting fake evidence during a criminal investigation,” the report said.
These vulnerabilities are considered serious and worrying because it cannot be fixed and declare 100% safe without breaking the backward compatibility with old devices, explained information security training professionals.
Apart from 4G, 5G in the future also has to take extreme care in eliminating the vulnerabilities.
Let us hope the best and aspire for safe cyber world ahead!