Feb 23, 2020
Berlin: Researchers have found a serious vulnerability in LTE/4G mobile communication standard that can help hackers impersonate other phone users, take a streaming service subscription at your expense or publish secret company documents under someone else’s identity.
The vulnerability — which affects virtually all mobile phones, tablets and some connected household appliances — may also hamper investigations of law enforcement agencies because attackers can not only make purchases in the victim’s name but can also access websites using the victim’s identity.
For example, an attacker can upload secret company documents and to network operators or law enforcement authorities, it would look as if the victim is the perpetrator, said researchers from Ruhr-Universitat Bochum public university.
“An attacker can book services, for example stream shows, but the owner of the attacked phone would have to pay for them,” said Professor Thorsten Holz from Horst Gortz Institute for IT Security.
Only changing the hardware design would mitigate the threat.
The team is attempting to close the security gap in the latest mobile communication standard 5G, which is currently rolled out.
“Mobile network operators would have to accept higher costs, as the additional protection generates more data during the transmission. In addition, all mobile phones would have to be replaced and the base station expanded. That is something that will not happen in the near future,” said David Rupprecht.
The problem is the lack of integrity protection: data packets are transmitted encrypted between the mobile phone and the base station, which protects the data against eavesdropping.
However, it is possible to modify the exchanged data packets.
“We don’t know what is where in the data packet, but we can trigger errors by changing bits from 0 to 1 or from 1 to 0,” said Rupprecht.
By provoking such errors in the encrypted data packets, the researchers can make a mobile phone and the base station decrypt or encrypt messages.
They not only can convert the encrypted data traffic between the mobile phone and the base station into plain text, they can also send commands to the mobile phone, which are then encrypted and forwarded to the provider – such as a purchase command for a subscription.
The researchers from Bochum used so-called software-defined radios for the attacks.
These devices enable them to relay the communication between mobile phone and base station.
Thus, they trick the mobile phone to assume that the software-defined radio is the benign base station; to the real network, in turn, it looks as if the software-defined radio was the mobile phone.
For a successful attack, the attacker must be in the vicinity of the victim’s mobile phone, said the researchers. IANS
SC grants anticipatory bail to Neha Singh Rathore over objectionable posts on PM Modi, Pahalgam attack
New Delhi: The Supreme Court on Wednesday allowed the anticipatory bail plea of folk singer Neha Singh Rathore in connection with an FIR lodged in Uttar Pradesh over her allegedly...
Madurai Airport to become International Airport: Cabinet
New Delhi: The Union Cabinet, chaired by Prime Minister Narendra Modi, on Tuesday approved the declaration of Tamil Nadu's Madurai Airport as an international airport. Located in the Temple City,...
Chandigarh becomes fully literate UT
Chandigarh: Chandigarh has achieved a major milestone by attaining a literacy rate of 99.93 per cent, making it a fully literate Union Territory (UT). To celebrate this achievement,...
Baramati plane crash: Pinky Mali’s family says VRS owner threatening them to stay away from media
Mumbai: The family of Pinky Mali, a flight attendant who died in the Baramati plane crash, has alleged that the owner of the charter company involved in the incident attempted...
Death toll rises to 7 in Indonesia’s waste mound collapse
Jakarta: The death toll from a massive garbage avalanche at Indonesia's largest landfill rose to seven, the Jakarta Search and Rescue Office said on Tuesday. The search and rescue operation...
Pakistan admits to targeting India’s aid to Afghanistan, attacks during Ramadan hurting women, children
United Nations: Pakistan has made a tacit admission that it was targeting India’s assistance to Afghanistan and that its air attacks during Ramadan were hurting mostly women and children. ...
US bars foreign nationals from small business loan access
Washington: The US Small Business Administration (SBA) has announced a new policy barring foreign nationals and non-citizens from accessing federally backed small business loans, saying the move is aimed at...
Oil prices plunge 30 pc from record high, slip below $90 a barrel
New Delhi: Oil prices declined sharply on Tuesday, trading below $90 per barrel after US President Donald Trump predicted the war in the Middle East could end soon. Brent futures...
US launches $20 billion Gulf shipping insurance pla
Washington: The United States unveiled a $20 billion maritime reinsurance plan aimed at protecting shipping and stabilising trade through the Gulf region amid tensions linked to the conflict with...
US loses 92,000 jobs in Feb as economy shows signs of weakness
Washington: The United States lost 92,000 jobs in February, according to data released by the Bureau of Labour Statistics, signalling potential weakness in the US economy. Nonfarm payrolls fell...
US, Venezuela agree to resume diplomatic relations
Washington:The US State Department announced that the United States and Venezuela have agreed to re-establish diplomatic and consular relations. Venezuela severed diplomatic ties with the United States in January...
Nepal stares at lowest voter turnout since 1991 parliamentary elections
Kathmandu: Parliamentary elections in Nepal, which concluded in a largely peaceful environment on Thursday, recorded a relatively lower voter turnout. Acting Chief Election Commissioner Ram Prasad Bhandari said at...
