If your mobile carrier offers LTE, also known as the 4G network, you need to beware, as your network communication can be hijacked remotely.
A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on users' cellular networks, modify the contents of their communications, and even re-route them to malicious or phishing websites.
LTE, or Long Term Evolution, is the latest mobile telephony standard, used by billions of people and designed to bring many security improvements over its predecessor standard, Global System for Mobile (GSM) communications.
However, multiple security flaws have been discovered over the past few years, allowing attackers to intercept users' communications, spy on user phone calls and text messages, send fake emergency alerts, spoof the location of the device, and knock devices entirely offline.
4G LTE Network Vulnerabilities
Now, security researchers from Ruhr-Universität Bochum and New York University Abu Dhabi have developed three novel attacks against LTE technology that allowed them to map users' identity, fingerprint the websites they visit, and redirect them to malicious websites by tampering with DNS lookups.
All three attacks, explained by the researchers on a dedicated website, abuse the data link layer, also known as Layer Two, of the ubiquitous LTE network.
The data link layer lies on top of the physical channel, which maintains the wireless communication between the users and the network. It is responsible for organizing how multiple users access resources on the network, helping to correct transmission errors, and protecting data through encryption.
Of the three, identity mapping and website fingerprinting are passive attacks, in which a spy listens to what data is passing between base stations and end users over the airwaves from the target's phone.
However, the third, a DNS spoofing attack dubbed "aLTEr" by the team, is an active attack, which allows an attacker to perform man-in-the-middle attacks to intercept communications and redirect the victim to a malicious website using DNS spoofing.
What is aLTEr Attack?
Since the data link layer of the LTE network is encrypted with AES-CTR but not integrity-protected, an attacker can modify the bits even within an encrypted data packet, which later decrypts to a related plaintext.
"The aLTEr attack exploits the fact that LTE user data is encrypted in counter mode (AES-CTR) but not integrity protected, which allows us to modify the message payload: the encryption algorithm is malleable, and an adversary can modify a ciphertext into another ciphertext which later decrypts to a related plaintext," the researchers said in their paper.
In an aLTEr attack, an attacker pretends to be a real cell tower to the victim, while at the same time also pretending to be the victim to the real network, and then intercepts the communications between the victim and the real network.
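The malleability described above, and why the authenticated encryption the researchers recommend closes it, shown as an added example that is not code from the researchers or the original article. The key, nonce, addresses (documentation ranges) and the toy packet layout are constructed assumptions, not an LTE frame format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed sample, not a real LTE frame: 4 bytes of destination (resolver)
// IPv4 address followed by payload. Addresses are documentation ranges.
var (
	key      = []byte("constructed-key!") // 16 bytes, AES-128
	nonce    = make([]byte, 12)           // fixed only because this is a one-shot demo
	origDNS  = []byte{192, 0, 2, 53}
	otherDNS = []byte{198, 51, 100, 53}
	packet   = append(append([]byte{}, origDNS...), "dns-query"...)
)

// ctrXOR applies the AES-CTR keystream; encryption and decryption are the same.
func ctrXOR(in []byte) []byte {
	block, _ := aes.NewCipher(key) // cannot fail for a 16-byte key
	out := make([]byte, len(in))
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(out, in)
	return out
}

// tamper models the in-path modification: XORing (known ^ substituted) bytes
// into the ciphertext without any knowledge of the key.
func tamper(ct []byte) []byte {
	out := append([]byte{}, ct...)
	for i := range origDNS {
		out[i] ^= origDNS[i] ^ otherDNS[i]
	}
	return out
}

// CTRAfterTamper returns what a CTR-only receiver decrypts: no error is raised.
func CTRAfterTamper() []byte { return ctrXOR(tamper(ctrXOR(packet))) }

// GCMAfterTamper returns the error AES-GCM reports for the same modification.
func GCMAfterTamper() error {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	_, err := aead.Open(nil, nonce, tamper(aead.Seal(nil, nonce, packet, nil)), nil)
	return err
}

func main() {
	fmt.Println("CTR receiver accepts destination:", CTRAfterTamper()[:4])
	fmt.Println("GCM receiver rejects packet:", GCMAfterTamper())
}
```

With CTR alone the receiver gets an intact payload with a different destination and no indication of tampering; with AES-GCM the tag check fails and the packet is dropped.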
How aLTEr Attack Targets 4G LTE Networks?
As a proof-of-concept demonstration, the team showed how an active attacker could redirect DNS (domain name system) requests and then perform a DNS spoofing attack, causing the victim mobile device to use a malicious DNS server that eventually redirects the victim to a malicious site masquerading as Hotmail.
The researchers performed the aLTEr attack within a commercial network and commercial phone within their lab environment. To prevent unintended interference with the real network, the team used a shielding box to stabilize the radio layer.
Also, they set up two servers, their DNS server and an HTTP server, to simulate how an attacker can redirect network connections. You can see the video demonstration to watch the aLTEr attack in action.
The attack is dangerous, but it is difficult to perform in real-world scenarios. It also requires equipment (USRP), about $4,000 worth, to operate (something similar to IMSI catchers, Stingray, or DRTbox) and commonly works within a 1-mile radius of the attacker.
However, for an intelligence agency or a well-resourced, skilled attacker, abusing the attack is not trivial.
LTE Vulnerabilities Also Impact Forthcoming 5G Standard
The above attacks are not restricted to just 4G.
Forthcoming 5G networks may also be vulnerable to these attacks, as the team said that although 5G supports authenticated encryption, the feature is not mandatory, which likely means most carriers do not intend to implement it, potentially making 5G vulnerable as well.
"The use of authenticated encryption would prevent the aLTEr attack, which can be achieved through the addition of message authentication codes to user plane packets," the researchers said.
"However, the current 5G specification does not require this security feature as mandatory, but leaves it as an optional configuration parameter."
What's Worse? LTE Network Flaws Can't Be Patched Straightaway
Since the attacks work by abusing an inherent design flaw of the LTE network, it cannot be patched, as it would require overhauling the entire LTE protocol.
As part of its responsible disclosure, the team of four researchers, David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper, notified both the GSM Association and the 3GPP (3rd Generation Partnership Project), along with other telephone companies, before going public with their findings.
In response to the attacks, the 3GPP group, which develops standards for the telecommunications industry, said that an update to the 5G specification might be complicated because carriers like Verizon and AT&T have already started implementing the 5G protocol.
How Can You Protect Against LTE Network Attacks?
The simplest way to protect yourself from such LTE network attacks is to always look out for the secure HTTPS domain on your address bar.
The team suggests two exemplary countermeasures for all carriers:
1.) Update the specification: All carriers should band together to fix this issue by updating the specification to use an encryption protocol with authentication like AES-GCM or ChaCha20-Poly1305.
However, the researchers believe this is likely not feasible in practice, as the implementation of all devices must be changed to do this, which will lead to a high financial and organizational effort, and most carriers will not bother to do that.
2.) Correct HTTPS configuration: Another solution would be for all websites to adopt the HTTP Strict Transport Security (HSTS) policy, which would act as an additional layer of protection, helping prevent the redirection of users to a malicious website.
Besides the dedicated website, the team has also published a research paper [PDF] with all the technical details about the aLTEr attack. Full technical details of the attacks are due to be presented during the 2019 IEEE Symposium on Security and Privacy next May.