Posted on March 7, 2018 at 5:27 AM
Researchers have identified 10 exploitation methods that criminals can take advantage of in the 4 major cell carrier networks. Possible attacks include removing a phone from the network, sending fake emergency alerts and more. While networks are already touting the benefits of the 5G network, it is clear that the existing 4G LTE services need some security upgrades.
Networks are open to exploitation
A number of security flaws on 4G LTE networks is posing some issues for law enforcement and consumer privacy. Attackers are able to listen in on phone calls, intercept text messages, boot devices from the network, and fake emergency alerts. Researchers at Purdue University and the University of Iowa have outlined ten attacks that criminals have used to exploit 4G LTE networks in the US. According to their report, three critical protocol operations weaknesses are exposing cell users to attack.
These security issues result in different types of vulnerabilities, leading to user impersonation, falsifying device location and more. Criminals accomplish these effects through authentication relay attacks. According to researchers, anyone can carry out an attack through these means, for a small budget. Anywhere from $1000 to $4000 can purchase open source 4G LTE software. This is a very low barrier to entry for most people who would wish to compromise cell behavior.
These issues are each problematic in their own way. If an attacker uses these tactics to spoof location, he could mislead police investigations and forge false alibis. Fake emergency alerts can cause mass panic, a la Hawaiian Missile scare. The January incident caused panic, and it is clear that those with malintent might wish to replicate the situation with false alerts. Knocking phones off the network leaves people unable to dial emergency services should they need them. Intercepting information opens users up to identity theft and other fraud. It is clear that these problems are serious. Some users have started using more secure apps, like Signal or WhatsApp when sharing information on their cell phones. These apps are encrypted and make user data safer.
Safer networks are needed now
The researchers created a sweeping software called LTEInspector, which enabled them to detect vulnerabilities in the cell network. This software is currently under test. So far, the framework functions well. They have identified 8 attacks in real time and monitored 10 total attacks. The attacks they tracked were made possible due to lacking proper authentication on the cell network.
Researchers aren’t releasing the proof-of-concept in LTEInspector until all bugs are fixed. However, their findings have already helped one carrier clean up their act. One of the major networks in the US wasn’t using authentication protocols at all until their findings prompted them to change their ways.
Cell carriers are already promising safer, faster 5G networks. Realistically, though, 4G LTE will be the common technology for the years it will take to upgrade cell infrastructure. It is still vitally important to fix security flaws in the existing network.