New 4G LTE attacks can spy on messages, track user location, and more

One of the attacks can spoof the location of a user, which could make it harder for police to track criminals.

Video: How enterprise IT can prepare for Bring Your Own Everything device policies
Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • A set of new cyberattacks, discovered by university researchers, exploit network protocol operations to spy on calls and messages, tracks a user's location, and send fake alerts.
  • One attack exploiting vulnerabilities in 4G LTE protocol operations allows a user to spoof their location, making them more difficult to track by law enforcement.

A set of 10 new cyberattacks on 4G LTE networks can be used to spy on user calls and messages, track a user's location, send fake alerts, or take a device completely offline, as detailed in new research from Purdue University and the University of Iowa.

The new attacks join a set of nine others that take advantage of vulnerabilities in three distinct procedures in the 4G LTE protocol known as attach, detach, and paging. The researchers used a testing approach called LTEInspector and were able to verify eight of the 10 attacks in a real testbed.

Even though the industry is on the cusp of 5G adoption, 4G LTE will continue to exist for a long time. That means that attacks leveraging these vulnerabilities will be around for a long time, as noted by Zack Whittaker of our sister site ZDNet.

SEE: Mobile device computing policy (Tech Pro Research)

One of the biggest findings was an authentication relay attack that allows an attacker to connect to a network by impersonating a victim's phone number. "Through this attack the adversary can poison the location of the victim device in the core networks, thus allowing setting up a false alibi or planting fake evidence during a criminal investigation," the report said.

Another attack noted in the research report was one that uses a device's location data to form a denial of service (DoS) attack against the device and take it offline. This attack can also hijack the paging channel to inject fake notifications or cut off a device's access to notifications, the report said.

What's crazy is that many of these attacks can be carried out for a relatively low cost. As noted by ZDNet, tools to mount these attacks can be built for $1,300 to $3,900.

"The root cause of most of these attacks are the lacks of proper authentication, encryption, and replay protection in the important protocol messages," Syed Rafiul Hussain, one of the researchers on the project, told ZDNet.

Also see

Image: iStockphoto/LV4260