Researchers find 36 new security flaws in LTE protocol

guest · Mar 23, 2019

Researchers find 36 new security flaws in LTE protocol
South Korean researchers apply fuzzing techniques to LTE protocol and find 51 vulnerabilities, of which 36 were new
March 23, 2019
https://www.zdnet.com/article/researchers-find-36-new-security-flaws-in-lte-protocol/

A group of academics from South Korea have identified 36 new vulnerabilities in the Long-Term Evolution (LTE) standard used by thousands of mobile networks and hundreds of millions of users across the world.

The vulnerabilities allow attackers to disrupt mobile base stations, block incoming calls to a device, disconnect users from a mobile network, send spoofed SMS messages, and eavesdrop and manipulate user data traffic.

But what stands out from previous work is the sheer number of vulnerabilities the KAIST team discovered, and the way they did it.
Because the flaws reside in both the protocol itself and how some vendors have implemented LTE in their devices, researchers believe many other flaws still exist in the real world.
Click to expand...

Minimalist · Jun 23, 2019

LTE Security Vulnerabilities Allow For Easy Spoofing Of Presidential Alerts

The national Wireless Emergency Alert system was put through its first public test last year. It’s capable of sending messages to smartphones, TV, and other devices at the same time. This system was tested for the “Presidential Alert,” which is a new category of emergency alert that you can’t opt out of. However, it appears that these alerts can be spoofed easily by exploiting LTE security vulnerabilities.
Click to expand...

https://www.ubergizmo.com/2019/06/l...low-for-easy-spoofing-of-presidential-alerts/

Floyd 57 · Jun 23, 2019

There's no end to vulnerabilities

Minimalist · Jun 24, 2019

Floyd 57 said: ↑

There's no end to vulnerabilities
Click to expand...

Yes and I wonder if those can even be "patched".

Floyd 57 · Jun 24, 2019

Minimalist said: ↑

Yes and I wonder if those can even be "patched".
Click to expand...

I mean it's like what can you do as an individual? Update to the latest version, educate yourself and hope for the best, it's very unlikely you'll be targetted anyway

Minimalist · Jun 24, 2019

Floyd 57 said: ↑

I mean it's like what can you do as an individual? Update to the latest version, educate yourself and hope for the best, it's very unlikely you'll be targetted anyway
Click to expand...

Yes for targatted attacks that's true. But this alerts can be sent to many (non-targatted) users and could cause panic or something similar. Educating users might help, but it would be better if problem could be resolved at it's source.

guest · Feb 28, 2020

LTE vulnerability allows impersonation of other mobile devices
February 26, 2020
https://nakedsecurity.sophos.com/20...allows-impersonation-of-other-mobile-devices/

Researchers have found a way to impersonate mobile devices on 4G and 5G mobile networks, and are calling on operators and standards bodies to fix the flaw that caused it.

Research into the vulnerability, conducted by academics at Ruhr Universität Bochum and New York University Abu Dhabi, is called Impersonation Attacks in 4G Networks (IMP4GT), although deployment requirements for 5G networks mean that it could work on those newer systems too.
The attack targets LTE networks, exploiting a vulnerability in the way that they authenticate and communicate with mobile devices.

It wouldn’t necessarily let you into someone’s Gmail, because you might still have strong password protection or, more sensibly, be using MFA. Neither would it let you access someone’s SMS-based 2FA messages, David Rupprecht, one of the report’s authors, told us:

"Under the assumption the authentication app is correctly implemented, e.g. uses TLS for the transmission, the attacker can not access that information. Text messages are part of the control plane and are therefore not attackable."
Click to expand...

Rather than just redirecting IP packets, the new attack accesses their payload and also injects arbitrary new packets, giving the researchers control over the mobile session. They do this by mounting a man-in-the-middle attack, impersonating the base station when dealing with the mobile device, and impersonating the mobile device when talking to the base station.

Is this likely to affect you? Fortunately, the researchers themselves suggest:

"Probably not! The attacker needs to be highly skilled and in close proximity to the victim. [...]"
Click to expand...

IMP4GT: IMPersonation Attacks in 4G NeTworks

The IMP4GT (IMPersonation Attacks in 4G NeTworks) (/ˈɪmˌpæk(t)/) attacks exploit the missing integrity protection, and extend it with an attack mechanism on layer three which allows an attacker to impersonate a user towards the network and vice versa. We conduct two IMP4GT variants in a LTE commercial network and demonstrate how this completely breaks the mutual authentication of the user plane LTE and early 5G networks.
Click to expand...

Minimalist · Mar 27, 2020

Flaws in Diameter signalling protocol make all 4G networks prone to denial-of-service attacks

A security assessment of the Diameter signalling protocol performed by the researchers at Positive Technologies shows that all existing 4G networks are susceptible to denial-of-service (DoS) attacks.
Click to expand...

https://www.computing.co.uk/news/4013208/4g-networks-denial-service-attacks

guest · Aug 12, 2020

ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations
Academics detail a new attack on 4G encrypted calls
August 12, 2020
https://www.zdnet.com/article/re-vo...t-4g-lte-calls-to-eavesdrop-on-conversations/

A team of academics has detailed this week a vulnerability in the Voice over LTE (VoLTE) protocol that can be used to break the encryption on 4G voice calls.

Named ReVoLTE, researchers say this attack is possible because mobile operators often use the same encryption key to secure multiple 4G voice calls that take place via the same base station (mobile cell tower).
Academics say they tested the attack in a real-world scenario and found that multiple mobile operators are impacted, and have worked with the GSM Association (GSMA), the organization that governs telephony standards, to have the issue resolved.
Click to expand...

In a real-world scenario, academics say that if an attacker can record a conversation between two 4G users using a vulnerable mobile tower, they can decrypt it at a later point.
The only catch is that the attacker has to place the call from the same vulnerable base station, in order to have its own call encrypted with the same/predictable encryption key.

"The longer the attacker [talks] to the victim, the more content of the previous conversation he or she [is] able to decrypt," David Rupprecht, one of the academics said.
Researchers analyzed a random selection of base stations across Germany and said they found that 80% were using the same encryption key or a predictable one, exposing users to ReVoLTE attacks.
Click to expand...

APP AVAILABLE FOR MOBILE TELCOS
But researchers say that while German mobile operators appear to have fixed the issue, other telcos across the world are most likely vulnerable.

That is why the research team released today an Android app that mobile operators can use to test their 4G networks and base stations and see if they are vulnerable to ReVoLTE attacks. The app has been open-sourced on GitHub.
Details about the ReVoLTE attack are available on a dedicated website the research team published today after presenting their work at the USENIX 29 security conference.
Click to expand...

Today's ReVoLTE disclosure is the latest in a long list of vulnerabilities identified in the 4G/LTE protocol over the past years. Previous findings were also published in March 2019, February 2019, July 2018, June 2018, March 2018, June 2017, July 2016, and October 2015.
Click to expand...

Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE

Voice over LTE (VoLTE) is a packet-based telephony service seamlessly integrated into the Long Term Evolution (LTE) standard. By now all major telecommunication operators use VoLTE. To secure the phone calls, VoLTE encrypts the voice data between the phone and the network with a stream cipher.

We introduce ReVoLTE, an attack that exploits an LTE implementation flaw to recover the contents of an encrypted VoLTE call. This enables an adversary to eavesdrop on VoLTE phone calls.
Click to expand...

Log in or Sign up

Researchers find 36 new security flaws in LTE protocol

guest Guest

Minimalist Registered Member

Floyd 57 Registered Member

Minimalist Registered Member

Floyd 57 Registered Member

Minimalist Registered Member

guest Guest

Minimalist Registered Member

guest Guest

Log in or Sign up

Researchers find 36 new security flaws in LTE protocol

guest Guest

Minimalist Registered Member

Floyd 57 Registered Member

Minimalist Registered Member

Floyd 57 Registered Member

Minimalist Registered Member

guest Guest

Minimalist Registered Member

guest Guest

Useful Searches