Feb 23, 2020
Berlin: Researchers have found a serious vulnerability in LTE/4G mobile communication standard that can help hackers impersonate other phone users, take a streaming service subscription at your expense or publish secret company documents under someone else’s identity.
The vulnerability — which affects virtually all mobile phones, tablets and some connected household appliances — may also hamper investigations of law enforcement agencies because attackers can not only make purchases in the victim’s name but can also access websites using the victim’s identity.
For example, an attacker can upload secret company documents and to network operators or law enforcement authorities, it would look as if the victim is the perpetrator, said researchers from Ruhr-Universitat Bochum public university.
“An attacker can book services, for example stream shows, but the owner of the attacked phone would have to pay for them,” said Professor Thorsten Holz from Horst Gortz Institute for IT Security.
Only changing the hardware design would mitigate the threat.
The team is attempting to close the security gap in the latest mobile communication standard 5G, which is currently rolled out.
“Mobile network operators would have to accept higher costs, as the additional protection generates more data during the transmission. In addition, all mobile phones would have to be replaced and the base station expanded. That is something that will not happen in the near future,” said David Rupprecht.
The problem is the lack of integrity protection: data packets are transmitted encrypted between the mobile phone and the base station, which protects the data against eavesdropping.
However, it is possible to modify the exchanged data packets.
“We don’t know what is where in the data packet, but we can trigger errors by changing bits from 0 to 1 or from 1 to 0,” said Rupprecht.
By provoking such errors in the encrypted data packets, the researchers can make a mobile phone and the base station decrypt or encrypt messages.
They not only can convert the encrypted data traffic between the mobile phone and the base station into plain text, they can also send commands to the mobile phone, which are then encrypted and forwarded to the provider – such as a purchase command for a subscription.
The researchers from Bochum used so-called software-defined radios for the attacks.
These devices enable them to relay the communication between mobile phone and base station.
Thus, they trick the mobile phone to assume that the software-defined radio is the benign base station; to the real network, in turn, it looks as if the software-defined radio was the mobile phone.
For a successful attack, the attacker must be in the vicinity of the victim’s mobile phone, said the researchers. IANS
Three killed in volcano erruption in Indonesia
Jakarta: Three people were killed after Mount Dukono erupted in Indonesia's North Maluku province, local police said on Friday. Search and rescue authorities earlier said that rescuers were working to...
TN Governor shouldn’t create hurdles in govt formation: CPI after extending support to TVK
New Delhi: After the Communist Party of India (CPI) on Friday formally extended "unconditional support" to Tamilaga Vettri Kazhagam (TVK), its General Secretary D. Raja asserted that Tamil Nadu Governor...
Delhi HC to order removal of AI-generated ‘fake’ videos of Shashi Tharoor
New Delhi: The Delhi High Court on Friday said that it will pass an interim order protecting the personality and publicity rights of Congress MP Shashi Tharoor in a suit...
Noida housing scam: CBI chargesheets Shubhkamna Buildtech, directors
New Delhi: The Central Bureau of Investigation (CBI) filed a charge-sheet against a private realty firm, Shubhkamna Buildtech, and its directors for allegedly cheating homebuyers in a housing project located...
US appeals court rejects Indian Muslim man’s bid to halt deportation
Washington: A US federal appeals court has rejected an Indian Muslim man’s bid to avoid deportation, ruling that the violence he faced in India did not amount to persecution and...
Bihar Cabinet: Portfolios allocated in Samrat Choudhary govt; Nishant Kumar gets Health
Patna: A major political development unfolded in Bihar on Thursday as the NDA government led by Chief Minister Samrat Choudhary underwent a massive Cabinet expansion at Gandhi Maidan. In a...
WHO confirms 5 hantavirus cases, 12 countries informed
New Delhi: Amid the global alarm, the World Health Organization (WHO) on Thursday confirmed five hantavirus cases linked to cruise ship outbreak, while three additional cases remain suspected. Eight severe...
Assam govt swearing-in on May 12; PM Modi, Amit Shah to attend: Dilip Saikia
Guwahati: Assam BJP President Dilip Saikia on Thursday said the swearing-in ceremony of the BJP-led NDA government in Assam will be held on May 12 at Khanapara in Guwahati in...
IndiGo announces inaugural flights from Noida International Airport from June 15
New Delhi: Low-cost airline IndiGo announced on Thursday it will begin operations from Noida International Airport (NIA) in Jewar, Uttar Pradesh, from June 15, 2026. Indigo will be the first...
Bengal CID takes charge of Chandranath Rath murder case; analyses CCTV footage
Kolkata: The Criminal Investigation Department (CID) of West Bengal Police, on Thursday morning, took over the probe of the ghastly murder of Chandranath Rath, the long-time personal assistant of Suvendu...
Congress high command holds key as CM race in Kerala turns into three-way battle
Thiruvananthapuram: The battle for Kerala’s next Chief Minister has now firmly shifted to New Delhi after the Congress Legislature Party on Thursday unanimously authorised party President Mallikarjuna Kharge to take...
Why incidence of heart attack is rising in youth
Aligarh: Heart diseases in India are taking a pandemic form, with disturbing fact of people below 45 years, or even below forty years of age, farming a major chunk of...
