Study finds security gaps in LTE standard

July 04, 2018 // By Jean-Pierre Joosting
A study carried out by security experts from Horst Görtz Institute at Ruhr-Universität Bochu has found that by abusing security weaknesses in the LTE standard attackers are able to identify which web pages a user visits and to reroute him to a scam website.

All devices using LTE, also referred to as 4G, are affected as well as certain household devices connected to the network. The weaknesses are impossible to close. Further, they are also still present in the upcoming mobile 5G standard. However, the problem may be stemmed with the aid of other security mechanisms in browsers or apps.

The findings have been published by David Rupprecht, Katharina Kohls, Prof Dr Thorsten Holz and Prof Dr Christina Pöpper on the website https://aLTEr-Attack.net.

 

Rerouting users to wrong websites

The payload transmitted via LTE is encrypted, but its integrity is not verified. "An attacker can alter the encrypted data stream and reroute the messages to his own server without alerting the user," explains David Rupprecht. In order to do so, the attacker has to be in the vicinity of the mobile phone being targeted. Using special equipment, the attacker intercepts the communication between the phone and the base station and reroutes the user to a fake website by altering the messages. On that website, the attacker can then perform any actions he/she chooses, including monitoring the passwords as they are entered.


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.