Article 3T4GA LTE wireless connections used by billions aren’t as secure as we thought

LTE wireless connections used by billions aren’t as secure as we thought

by
Dan Goodin
from Ars Technica - All content on (#3T4GA)
lte.jpg

(credit: BAZ Antennen)

The Long Term Evolution mobile device standard used by billions of people was designed to fix many of the security shortcomings in the predecessor standard known as Global System for Mobile communications. Mutual authentication between end users and base stations and the use of proven encryption schemes were two of the major overhauls. Now, researchers are publicly identifying weaknesses in LTE that allow attackers to send nearby users to malicious websites and fingerprint the sites they visit.

The attacks work because of weaknesses built into the LTE standard itself. The most crucial weakness is a form of encryption that doesn't protect the integrity of the data. The lack of data authentication makes it possible for an attacker to surreptitiously manipulate the IP addresses within an encrypted packet. Dubbed aLTEr, the researchers' attack causes mobile devices to use a malicious domain name system server that, in turn, redirects the user to a malicious server masquerading as Hotmail. The other two weaknesses involve the way LTE maps users across a cellular network and leaks sensitive information about the data passing between base stations and end users.

Well-known attack vectors

The attacks, which are described in a paper published Thursday, require about $4,000 worth of equipment that must be within about one mile of the targeted user. Because the weaknesses are the result of design decisions made when the LTE specification was under development, there is no way to patch them now. End users, however, can protect themselves against aLTEr by only visiting websites that use HTTP Strict Transport Security and DNS Security Extensions.

Read 8 remaining paragraphs | Comments

index?i=_2OfUsWpS_8:Kvqof5FZBs8:V_sGLiPB index?i=_2OfUsWpS_8:Kvqof5FZBs8:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments