Scientists spot 4G bug that can help hackers impersonate you

Feb 23, 2020
Berlin: Researchers have found a serious vulnerability in LTE/4G mobile communication standard that can help hackers impersonate other phone users, take a streaming service subscription at your expense or publish secret company documents under someone else’s identity.

The vulnerability — which affects virtually all mobile phones, tablets and some connected household appliances — may also hamper investigations of law enforcement agencies because attackers can not only make purchases in the victim’s name but can also access websites using the victim’s identity.

For example, an attacker can upload secret company documents and to network operators or law enforcement authorities, it would look as if the victim is the perpetrator, said researchers from Ruhr-Universitat Bochum public university.

“An attacker can book services, for example stream shows, but the owner of the attacked phone would have to pay for them,” said Professor Thorsten Holz from Horst Gortz Institute for IT Security.

Only changing the hardware design would mitigate the threat.

The team is attempting to close the security gap in the latest mobile communication standard 5G, which is currently rolled out.

“Mobile network operators would have to accept higher costs, as the additional protection generates more data during the transmission. In addition, all mobile phones would have to be replaced and the base station expanded. That is something that will not happen in the near future,” said David Rupprecht.

The problem is the lack of integrity protection: data packets are transmitted encrypted between the mobile phone and the base station, which protects the data against eavesdropping.

However, it is possible to modify the exchanged data packets.

“We don’t know what is where in the data packet, but we can trigger errors by changing bits from 0 to 1 or from 1 to 0,” said Rupprecht.

By provoking such errors in the encrypted data packets, the researchers can make a mobile phone and the base station decrypt or encrypt messages.

They not only can convert the encrypted data traffic between the mobile phone and the base station into plain text, they can also send commands to the mobile phone, which are then encrypted and forwarded to the provider – such as a purchase command for a subscription.

The researchers from Bochum used so-called software-defined radios for the attacks.

These devices enable them to relay the communication between mobile phone and base station.

Thus, they trick the mobile phone to assume that the software-defined radio is the benign base station; to the real network, in turn, it looks as if the software-defined radio was the mobile phone.

For a successful attack, the attacker must be in the vicinity of the victim’s mobile phone, said the researchers. IANS

IICC chief Khurshid and Bihar MLA Iman address a grand India diaspora event in Riyadh

RIYADH: Senior Indian politician and Congress stalwart Salman Khurshid, former Minister of External Affairs, has lent his support to open several chapters of the India Islamic Cultural Center (IICC) in...

BJP’s notice to party’s veteran minister Anil Vij in Haryana

Chandigarh: Haryana’s senior-most minister and seven-time lawmaker Anil Vij was issued a show cause notice by the BJP on Monday for making public statements against the Chief Minister and the...

Foreign Affairs Advisor Hossain to meet EAM Jaishankar in Muscat: Bangladesh media reports

Dhaka :Touhid Hossain, the Foreign Affairs Advisor to the interim government in Bangladesh led by Muhammad Yunus, is expected to meet External Affairs Minister (EAM) S. Jaishankar on the sidelines...

2 pc rise in vote share a step forward: Cong on Delhi election defeat

New Delhi: Congress National Spokesperson Ragini Nayak on Monday acknowledged the party's underwhelming performance in the Delhi Assembly elections, where 67 of its 70 candidates lost their security deposits. However,...

Student from PM Modi’s constituency calls ‘Pariksha Pe Charcha’ an ‘unforgettable experience’

Varanasi: Students from across India participated in Prime Minister Narendra Modi's flagship event, 'Pariksha Pe Charcha' (PPC) 2025, expressing their excitement and appreciation for how the interaction helped them stay...

Trump says he will announce 25 pc duties on steel, aluminum imports; threatens more to come

New York: US President Donald Trump has said that he will announce a 25 per cent duty on all steel and aluminum imports, a long-standing contentious category of trade for...

No one has power to displace Palestinians: Turkish President

Istanbul: Turkish President Recep Tayyip Erdogan said that no one has the power to displace Palestinians from their homeland. "No one has the power to expel Gazans from their ancient...

Will rename Mustafabad to Shivpuri or Shiv Vihar: Delhi BJP MLA

New Delhi: The newly elected BJP MLA from Mustafabad, Mohan Singh Bisht, on Sunday said that the Assembly constituency would soon be renamed to Shivpuri or Shiv Vihar. He won...

Meta likely to lay off thousands of employees, says leaked memo

New Delhi: Tech giant Meta is expected to lay off around 3,000 employees, which is about 5 per cent of its total workforce, as per a leaked internal memo, reports...

UAE condemns Netanyahu’s remarks on Palestinian state in Saudi Arabia

Abu Dhabi: The United Arab Emirates (UAE) strongly condemned remarks made by Israeli Prime Minister Benjamin Netanyahu, who suggested that a Palestinian state could be established on Saudi Arabian territory....

Kaliningrad transitions to independent power operation as Baltic states exit Russian grid

Moscow/Vilnius: The Kaliningrad region, a Russian enclave bordered by the Baltic states, has transitioned to independent power operation following the withdrawal of Latvia, Lithuania and Estonia from the unified energy...

Delhi electorate sends clear message: AAP’s leadership defeated over ‘corruption’ scandals

New Delhi: The Delhi election outcome on Saturday delivered a major body blow to both the Aam Aadmi Party (AAP) and its supremo Arvind Kejriwal. After a decade-long dominance, Kejriwal...

Read Previous

Finishing touches being given at the Motera Stadium for the Feb 24 “Namaste Trump” event in Ahmedabad . (Photo IANS/PIB)

Read Next

Samsung Galaxy A51: All rounder mid-range smartphone

WP2Social Auto Publish Powered By : XYZScripts.com