Billions of devices are open for exploitation
Research from David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper at Ruhr-Universität Bochum, resulted that all the devices with LTE enabled are exposed to a serious flaw which can let hackers perform malicious tricks. The research titled as IMP4GT, meaning IMPersonation Attacks in 4G NeTworks defines the security gap of LTE networks and how opportunists can exploit it. This 4G standard is currently used by billions of devices which include smartphones and IoT devices.
But How?
Whenever there’s a communication between a phone (LTE device) and a base station via radio signals, these are transmitted by encrypting the data packets. But the LTE vulnerability can let attackers intercept this communication by sending the changed bits as 0 to 1 or vice versa, to trigger an error. This would eventually cause the system to either decrypt or encrypt the signals and reveal the data in plain text. Thus, this interception can be used by attackers to read and write data, by sending their desired commands. These commands can be subscribing to fee-based services or rerouting the devices to other malicious websites etc. Here, the attacker can simply impersonate as the device to order services that are later being paid by the owner, as a part of their mobile bills. Aside from subscribing to services, attackers can also impersonate in crime incidents and let the legitimate book in. As they could simple impersonate someone’s device, they can leave that vulnerable devices traces in a suspicious incident and escape. Yet, researchers said that the attacker needs to be in close proximity to attack and intercept communication. Further, this gap is said to be solved in the upcoming 5G network standard. Researchers are gearing up to explain this issue at Network Distributed System Security Symposium in San Diego, on February 25th this year. But even before that, you can go through the entire research on their dedicated website www.imp4gt-attacks.net.