New Attacks Against Lte Network Protocol Uncover Past Times Researchers

New Attacks Against LTE Network Protocol Uncover By Researchers 



If your mobile carrier offers LTE, too known equally the 4G network, you lot require to beware equally your network communication tin endure hijacked remotely.A squad of researchers has discovered approximately critical weaknesses inwards the ubiquitous LTE mobile device measure that could permit sophisticated hackers to spy on users' cellular networks, modify the contents of their communications, in addition to fifty-fifty tin re-route them to malicious or phishing websites.
LTE, or Long Term Evolution, is the latest mobile telephony measure used yesteryear billions of people designed to convey many safety improvements over the predecessor measure known equally Global System for Mobile (GSM) communications.

4G LTE Network Vulnerabilities :-
Now, safety researchers from Ruhr-Universität Bochum in addition to New York University Abu Dhabi accept developed 3 novel attacks against LTE applied scientific discipline that allowed them to map users' identity, fingerprint the websites they watch in addition to redirect them to malicious websites yesteryear tampering alongside DNS lookups.
All 3 attacks, explained yesteryear researchers on a dedicated website, abuse the information link layer, too known equally Layer Two, of the ubiquitous LTE network.

The information link layer lies on top of the physical channel, which maintains the wireless communication betwixt the users in addition to the network. It is responsible for organizing how multiple users access resources on the network, helping to right transmission errors, in addition to protecting information through encryption.
Out of three, identity mapping in addition to website fingerprinting developed yesteryear the researchers are passive attacks, inwards which a spy listens to what information is passing betwixt base of operations stations in addition to cease users over the airwaves from the target's phone.

However, the third, DNS spoofing attack, dubbed "aLTEr" yesteryear the team, is an active attack, which allows an aggressor to perform man-in-the-middle attacks to intercept communications in addition to redirect the victim to a malicious website using DNS spoofing attacks.
-->LTE Vulnerabilities Also Impact Forthcoming 5G Standard :---

Forthcoming 5G networks may too endure vulnerable to these attacks, equally the squad said that although 5G supports authenticated encryption, the characteristic is non mandatory, which probable agency most carriers produce non intend to implement it, potentially making 5G vulnerable equally well.

"The operate of authenticated encryption would forestall the aLTEr attack, which tin endure achieved through the add-on of message authentication codes to user plane packets," the researchers said.
"However, the electrical flow 5G specification does non require this safety characteristic equally mandatory, only leaves it equally an optional configuration parameter."

-->How Can You Protect Against LTE Network Attacks 

The simplest way to protect yourself from such LTE network attacks is to ever hold off out for the secure HTTPS domain on your address bar.
The squad suggests 2 exemplary countermeasures for all carriers:

1.) Update the specification: All carriers should band together to ready this number yesteryear updating the specification to operate an encryption protocol alongside authentication similar AES-GCM or ChaCha20-Poly1305.

However, the researchers believe this is probable non viable inwards practice, equally the implementation of all devices must endure changed to produce this, which volition Pb to a high fiscal in addition to organizational effort, in addition to most carriers volition non bother to produce that.

2.) Correct HTTPS configuration: Another solution would endure for all websites to adopt the HTTP Strict Transport Security (HSTS) policy, which would human activity equally an additional layer of protection, helping forestall the redirection of users to a malicious website.

Besides the dedicated website, the squad has too published a query newspaper [PDF] alongside all the technical details almost the aLTEr attack. Full technical details of the attacks are due to endure presented during the 2019 IEEE Symposium on Security in addition to Privacy adjacent May.

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel