4G LTE networks vulnerable to hacking and fake emergency alerts
Security flaws have been discovered in 4G LTE networks that could allow hackers to send fake emergency alerts or forge the location of mobile devices.
In a paper from researchers at Purdue University, Indiana, a total of 19 flaws were identified: ten new exploits along with nine prior attacks.
These include the authentication relay attack, which enables a hacker to connect to core networks without the necessary credentials.
This would allow them to impersonate and fake the location of a victim device, according to the researchers.
Another noteworthy attack allows adversaries to obtain a user’s location information and perform denial-of-service attacks. By hijacking the device’s paging channel, the attacker can stop notifications from coming in and even fabricate messages.
Other attacks include the ability to send fake emergency paging messages to a large number of devices, drain a victim device’s battery by forcing it to perform expensive cryptographic operations, and disconnect a device from the core network.
These attacks occur within three critical procedures of the 4G LTE protocol: attach, detach and paging.
These procedures allow a user to connect to the network, disconnect from the network, and receive calls and messages. Several other procedures also depend on them to function reliably.
The researchers used a testing approach they call “LTEInspector” to expose the vulnerabilities. The tool combines the power of a symbolic model checker and a protocol verifier.
“Our tool is the first one that provides a systematic analysis for these three particular procedures in 4G LTE networks,” said Syed Hussain, a graduate student in computer science at Purdue University. “Combining the strength of these two tools is novel in the context of 4G LTE.”
To confirm that the attacks identified in the paper pose a real threat, the researchers validated eight of the 10 new attacks through experimentation in a real testbed.
It looks as though there is no easy way to fix these vulnerabilities. Retrospectively adding security to an existing system without breaking backward compatibility often yields Band-Aid-like solutions, which don’t hold up under extreme circumstances, according to the paper.
Addressing the authentication relay attacks may require a major infrastructural overhaul. However, with 5G networks being launched in the next year, this could be a good opportunity to plug the holes.
“Device manufacturers and cell phone networks will both need to work to fix these problems,” Hussain said. “We need a major overhaul of the entire system to eliminate these vulnerabilities.”
Last month EE unveiled a new 4G home broadband solution which could connect 580,000 homes across the UK, especially those in rural areas that are currently only able to access broadband slower than 10Mbps.