Cybersecurity researchers are starting to publicly expose a number of vulnerabilities in the Long Term Evolution standard, a 4G specification that's presently the most used technology for mobile communications all over the world and is generally thought to be highly secure. A new research paper published last week outlines a number of such issues that allow attackers to spy on users and reroute their devices using specialized equipment. The GSM Association consortium doesn't consider the newly reported problems to be critical in nature due to the convoluted setup they require, and doesn't believe they were ever used to target devices in the past.
Besides requiring equipment worth some $4,000, the attacks must be performed within a one-mile radius of the target. Aptly called "aLTEr," the technique exploits the fundamental design of the LTE specification and hence cannot be adequately patched in any manner. Due to the lack of data authentication in the suspect encryption protocols, exploiting the vulnerability can allow attackers to alter encrypted packets and manipulate the IP addresses they're sending to users even without fully discovering their contents. With the help of a malicious domain name server, the attackers can hence redirect unsuspecting users to phishing websites or other destinations used for stealing their information, infecting their devices, or spying on them.
Another design flaw of LTE pertains to its user mapping techniques, which can be exploited for obtaining sensitive information exchanged by cellular devices and base stations, as per the same report authored by an international team of security researchers. Users can eliminate the risk of being compromised by aLTEr by only visiting websites that utilize DNS Security Extensions and the HTTP Strict Transport Security protocol. The GSM Association was already aware of the vulnerabilities prior to their publication, the consortium said in a statement. The Release 15 5G standard can mitigate the weaknesses through a technology called user plane integrity protection, but the latest version of the standard defines that solution as an optional addition to any wireless implementation, whereas the researchers behind the latest report are now urging the 3GPP to make the system mandatory and avoid cross-generational vulnerabilities.
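
The following is an added illustration, not code from the research paper or from any LTE implementation, of why encryption without data authentication lets an address field be changed in transit and why an integrity check closes that gap. It assumes a toy SHA-256 counter keystream in place of the real cipher, HMAC-SHA256 as a stand-in for integrity protection, and a constructed packet layout with documentation-range addresses.

```python
import hashlib
import hmac
import ipaddress

def keystream(key: bytes, n: int) -> bytes:
    """Toy counter-style keystream (assumption: stand-in for the real cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return xor(data, keystream(key, len(data)))

def protect(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    """Encrypt, then compute an integrity tag over the ciphertext."""
    ct = encrypt(enc_key, plaintext)
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()

def verify_and_decrypt(enc_key: bytes, mac_key: bytes, ct: bytes, tag: bytes):
    """Receiver with integrity protection: reject anything whose tag fails."""
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return encrypt(enc_key, ct)

def rewrite_field(ct: bytes, offset: int, known_old: bytes, new: bytes) -> bytes:
    """In-transit change made without the key: XOR (old ^ new) into the field."""
    mask = xor(known_old, new)
    end = offset + len(mask)
    return ct[:offset] + xor(ct[offset:end], mask) + ct[end:]

def demo():
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    resolver = ipaddress.IPv4Address("192.0.2.53").packed   # constructed address
    other = ipaddress.IPv4Address("203.0.113.7").packed     # constructed address
    packet = resolver + b"query example.test"               # constructed layout
    ct, tag = protect(enc_key, mac_key, packet)
    tampered = rewrite_field(ct, 0, resolver, other)
    no_integrity = encrypt(enc_key, tampered)      # receiver that only decrypts
    with_integrity = verify_and_decrypt(enc_key, mac_key, tampered, tag)
    untouched = verify_and_decrypt(enc_key, mac_key, ct, tag)
    return no_integrity, with_integrity, untouched

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The receiver that only decrypts accepts a packet whose address has silently changed, while the receiver that verifies the tag discards it and still accepts the unmodified packet.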