Scientists spot 4G bug that can help hackers impersonate you

Feb 23, 2020
Berlin: Researchers have found a serious vulnerability in LTE/4G mobile communication standard that can help hackers impersonate other phone users, take a streaming service subscription at your expense or publish secret company documents under someone else’s identity.

The vulnerability — which affects virtually all mobile phones, tablets and some connected household appliances — may also hamper investigations of law enforcement agencies because attackers can not only make purchases in the victim’s name but can also access websites using the victim’s identity.

For example, an attacker can upload secret company documents and to network operators or law enforcement authorities, it would look as if the victim is the perpetrator, said researchers from Ruhr-Universitat Bochum public university.

“An attacker can book services, for example stream shows, but the owner of the attacked phone would have to pay for them,” said Professor Thorsten Holz from Horst Gortz Institute for IT Security.

Only changing the hardware design would mitigate the threat.

The team is attempting to close the security gap in the latest mobile communication standard 5G, which is currently rolled out.

“Mobile network operators would have to accept higher costs, as the additional protection generates more data during the transmission. In addition, all mobile phones would have to be replaced and the base station expanded. That is something that will not happen in the near future,” said David Rupprecht.

The problem is the lack of integrity protection: data packets are transmitted encrypted between the mobile phone and the base station, which protects the data against eavesdropping.

However, it is possible to modify the exchanged data packets.

“We don’t know what is where in the data packet, but we can trigger errors by changing bits from 0 to 1 or from 1 to 0,” said Rupprecht.

By provoking such errors in the encrypted data packets, the researchers can make a mobile phone and the base station decrypt or encrypt messages.

They not only can convert the encrypted data traffic between the mobile phone and the base station into plain text, they can also send commands to the mobile phone, which are then encrypted and forwarded to the provider – such as a purchase command for a subscription.

The researchers from Bochum used so-called software-defined radios for the attacks.

These devices enable them to relay the communication between mobile phone and base station.

Thus, they trick the mobile phone to assume that the software-defined radio is the benign base station; to the real network, in turn, it looks as if the software-defined radio was the mobile phone.

For a successful attack, the attacker must be in the vicinity of the victim’s mobile phone, said the researchers. IANS

Maha Cabinet to ask Centre to raise OBC non-creamy layer income cap

Mumbai: In the run-up to the Assembly election, the Maharashtra Cabinet on Thursday decided to recommend to the Centre for an increase in the non-creamy layer income cap from Rs...

Kerala HC inquires about Central funds for landslide-hit Wayanad

Kochi: The Kerala High Court on Thursday sought the Central government's response on funds for disaster relief in the state's landslide-hit Wayanad. The court, which had initiated a suo moto...

Hurricane Milton leaves trial of death of destruction, 3 mn without power

Washington: Hurricane Milton has left a trail of death and destruction in the US state of Florida, with reports of more than three million customers without electricity. Milton made landfall...

When Ratan Tata opened his heart on how Cupid struck him in US

Mumbai: Nearly five years ago, on the eve of Valentine's Day, the darling of the corporate world, Ratan Naval Tata, bared his heart to reveal how he was struck by...

Maha Cabinet seeks Bharat Ratna for Ratan Tata; passes resolution to appeal to Centre

Mumbai: The Maharashtra Cabinet chaired by Chief Minister Eknath Shinde on Thursday on behalf of all citizens of Maharashtra paid tributes to veteran industrialist, Tata Sons’ Emeritus Chairman Padma Vibhushan...

India’s 100 richest tycoons surpass $1 trillion milestone, Gautam Adani at 2nd spot: Forbes list

New Delhi: The collective wealth of India’s 100 richest tycoons surpassed the trillion dollar milestone for the first time as more than 80 per cent of the country’s richest tycoons...

ASEAN summits kick off in Laos, prioritising stronger cooperation under ‘ASEAN Way’

Vientiane: The 44th and 45th Association of Southeast Asian Nations (ASEAN) Summits and related summits kicked off here on Wednesday, emphasising stronger cooperation under "the ASEAN Way." Addressing the opening...

Five sperm whales dead after stranding on Australian island

Sydney: Five sperm whales have died after becoming stranded on an island off Australia's south coast. The whales were found on a beach on the coast of Flinders Island, which...

RG Kar protest: Over 100 more senior doctors from four other Bengal medical colleges tender mass resignations

Kolkata: Over 100 more senior doctors from four other state-run medical colleges and hospitals in West Bengal have tendered mass resignations during the last couple of hours to express solidarity...

N. Korea to cut off roads, railways connected to S. Korea: Military

Seoul: North Korea's military said it will cut off all roads and railways connected to South Korea starting on Wednesday. "A project will be launched first on October 9 to...

Omar Abdullah pins hopes on early restoration of J&K’s statehood

New Delhi: Former Chief Minister and newly-elected MLA, Omar Abdullah has expressed confidence that the Prime Minister will fulfil his promise of restoring statehood to Jammu and Kashmir. He said...

Cong MLA Vinay Kulkarni booked for raping, kidnaping 34-year-old woman

Bengaluru: Congress MLA Vinay Kulkarni from the Dharwad constituency has been booked on the charges of raping, kidnapping and threatening a 34-year-old social worker, here. On Tuesday, Sanjaynagar Police booked...

Read Previous

Finishing touches being given at the Motera Stadium for the Feb 24 “Namaste Trump” event in Ahmedabad . (Photo IANS/PIB)

Read Next

Samsung Galaxy A51: All rounder mid-range smartphone

WP2Social Auto Publish Powered By : XYZScripts.com