Communications of the ACM
Security Gaps Identified in LTE Mobile Telephony Standard
All devices using the LTE network, including most mobile phones and tablets, are affected by the security gap.
Cyberattackers can identify which websites users visit and reroute them to scam websites by abusing security weaknesses in the LTE mobile telephony standard, researchers at Ruhr-Universitat Bochum in Germany have found. They determined all devices using LTE or 4G are affected, and the weaknesses, which are impossible to close, are still present in the upcoming 5G mobile telephony standard.
Under the 4G and upcoming 5G standards, the payload transmitted via LTE is encrypted, but its integrity is not verified. "An attacker can alter the encrypted data stream and reroute the messages to his own server without alerting the user," warns Ruhr-Universitat Bochum's David Rupprecht.
Attackers can also use special equipment to intercept the communication between the phone and the base station, and reroute the user to a fake website by altering the messages, Rupprecht says.
From Ruhr-University Bochum
View Full Article
Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA
No entries found