Skip to content

March 4, 2018

LTE security holes could lead to fake emergency alerts

by John_A

Vulnerabilities in cellular network technology definitely aren’t things of the past. Researchers at Purdue and the University of Iowa have outlined exploits in LTE protocols that would let intruders conduct ten serious attacks, including spying on calls and text messages, tracking locations, knocking devices offline and even faking emergency alerts. Intuders can take advantage of three key protocol tasks (such as attaching a device to the network and maintaining a connection) to conduct authentication relay attacks that not only let them connect to the network without credentials, but masquerade as the victim’s device. A hacker could not only compromise the network, but frame someone else for the crime.

These aren’t just theoretical attacks, either. The team tested eight of the ten attacks using SIM cards from four large US carriers.

While the issues have to do with LTE itself, it is possible to fix them — at least one of the big US carriers already has. There’s still a race against time, however. You can build the necessary LTE exploit tool for as little as $1,300 using readily available parts, so a determined attacker could infiltrate a network without an abundance of resources.

This stresses the importance of testing cell standards in the real world. It’s relatively easy to fix security flaws before a standard is finalized and rolls out in earnest — it’s another when it’s already in use by cell carriers that may have to patch vast networks.

Source: ZDNet

Advertisements
Read more from News

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: