New LTE attacks can reveal accessed websites, direct victims to malicious sites

If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely.

A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on users' cellular networks, modify the contents of their communications, and even can re-route them to malicious or phishing websites.

LTE, or Long Term Evolution, is the latest mobile telephony standard used by billions of people designed to bring many security improvements over the predecessor standard known as Global System for Mobile (GSM) communications.

However, multiple security flaws have been discovered over the past few years, allowing attackers to intercept user's communications, spy on user phone calls and text messages, send fake emergency alerts, spoof location of the device and knock devices entirely offline.
  

4G LTE Network Vulnerabilities

Now, security researchers from Ruhr-Universität Bochum and New York University Abu Dhabi have developed three novel attacks against LTE technology that allowed them to map users' identity, fingerprint the websites they visit and redirect them to malicious websites by tampering with DNS lookups.

All three attacks, explained by researchers on a dedicated website, abuse the data link layer, also known as Layer Two, of the ubiquitous LTE network.

The data link layer lies on top of the physical channel, which maintains the wireless communication between the users and the network. It is responsible for organizing how multiple users access resources on the network, helping to correct transmission errors, and protecting data through encryption.

Out of three, identity mapping and website fingerprinting developed by the researchers are passive attacks, in which a spy listens to what data is passing between base stations and end users over the airwaves from the target's phone.

However, the third, DNS spoofing attack, dubbed "aLTEr" by the team, is an active attack, which allows an attacker to perform man-in-the-middle attacks to intercept communications and redirect the victim to a malicious website using DNS spoofing attacks.

 

Three new attacks against the LTE 4G wireless data communications technology have been pinpointed by researchers from Ruhr-University Bochum and New York University Abu Dhabi.
All three target the technology’s data link layer protocols and impair the confidentiality and/or privacy of LTE communication.

 

The attacks

Two of the attacks are passive and one is active.
“We first present a passive identity mapping attack that matches volatile radio identities to longer lasting network identities, enabling us to identify users within a cell and serving as a stepping stone for follow-up attacks,” the researchers explained.
“Second, we demonstrate how a passive attacker can abuse the resource allocation as a side channel to perform website fingerprinting that enables the attacker to learn the websites a user accessed.”
The third attack, dubbed aLTEr, exploits the fact that LTE user data is encrypted in counter mode (AES-CTR) but not integrity protected, and allows attackers to modify the message payload.
The researchers showed how this attack could be used to perform a DNS spoofing attack to redirect targeted users to a malicious (e.g., phishing) website:

They say that the attacks might require too much effort to be aimed at the general public, but highly resourceful attackers (e.g., attackers backed by nation-states) might deploy them to target people of special interest such as politicians or journalists.
The success of the attacks depend on many things: specialized hardware, a customized implementation of the LTE protocol stack, the attacker being in close proximity to the victim.
“In addition, a controlled environment helps to be successful within an acceptable amount of time,” they noted. “In particular, the use of a shielding box helps to maintain a stable and noise-free connection to the attack setup. Especially the latter cannot be maintained in a real-world situation and more engineering effort is required for real-world attacks.”
More technical details about the attack can be found in the published paper .

What now?

The researchers have notified the GSM Association (GSMA) of their findings earlier this year, and they in turn informed network providers and the 3rd Generation Partnership Project (3GPP), which is the specification body responsible for the development and maintenance of LTE, related 4G standards, and 5G standards.
The researchers have put forward countermeasures for the attacks, but one of them (specification update) is unlikely to be practical, as the implementation of all devices would have to be changed.
Another one involves using correct parameters for HTTPS to prevent the redirection to a malicious website.
Even 5G is not immune to the aLTEr attacks, the researchers pointed out.
“The use of authenticated encryption would prevent the aLTEr attack, which can be achieved through the addition of message authentication codes to user plane packets. However, the current 5G specification does not require this security feature as mandatory, but leaves it as optional configuration parameter.”
5G technology is just beginning to be introduced by cellular network providers and it will take the rest of the world many years to catch up. In the meantime, we’re stuck with the insecure LTE 4G standard.

How Can You Protect Against LTE Network Attacks?

The simplest way to protect yourself from such LTE network attacks is to always look out for the secure HTTPS domain on your address bar.

The team suggests two exemplary countermeasures for all carriers:

1.) Update the specification: All carriers should band together to fix this issue by updating the specification to use an encryption protocol with authentication like AES-GCM or ChaCha20-Poly1305.

However, the researchers believe this is likely not feasible in practice, as the implementation of all devices must be changed to do this, which will lead to a high financial and organizational effort, and most carriers will not bother to do that.

2.) Correct HTTPS configuration: Another solution would be for all websites to adopt the HTTP Strict Transport Security (HSTS) policy, which would act as an additional layer of protection, helping prevent the redirection of users to a malicious website.

Besides the dedicated website, the team has also published a research paper [PDF] with all the technical details about the aLTEr attack. Full technical details of the attacks are due to be presented during the 2019 IEEE Symposium on Security and Privacy next May.

_______________________________________

       CONTACT US..!!

_______________________________________

 

https://www.facebook.com/Walkalone3933
https://www.instagram.com/walk._.alone
Instagram :- Coming Soon..!!
                                                                  

---------->Walk._.Alone<-----------