Security flaws in 4G can lead to mobile phone hacking2 min read . Updated: 02 Jul 2018, 08:57 PM IST
If you are a 4G mobile phone user, hackers can identify the web pages you visit and re-route them to a scam website
Mumbai: If you are a 4G mobile phone user, hackers can identify the web pages you visit and re-route them to a scam website. All devices using longterm evolution (LTE), or fourth generation (4G) as it is better known, are at risk, reveals a new study carried out by security experts from the Horst Görtz Institute at Ruhr-Universität Bochum.
The weaknesses “are impossible to close... and they are also still present in the upcoming mobile telephony standard 5G (fifth generation), the standardization of which is pending", the researchers said in a 28 June press release.
LTE documentations reveal that an integrity protection, which would prevent attacks, has been deliberately omitted, according to one of the researchers, Thorsten Holz.
According to him, network operators ignored this issue because they would have had to attach “additional four bytes to each payload" to implement this security measure, which would increase data transmission costs. The general integrity protection has also not been provided in 5G mobile telephony standard as yet. The researchers advocate closing the 5G security gap by default.
For their experiment, the researchers used a personal computer (PC) and two so-called software-defined radios that enable the sending and receiving of LTE signals.
One device pretends to be a mobile phone network while the other impersonates a real mobile phone network. Thus, the system is capable of altering specific data, while transmitting the bulk of the data unchanged. Depending on the equipment, the attacker can keep the distance of several hundred metres from the targeted phone during the attack.
India had 238 million 4G subscribers by the end of December 2017, according to a report by the Telecom Regulatory Authority of India (Trai). Globally, LTE subscriptions are forecast to rise from 1 billion in 2015 to 4 billion by 2020, said research firm Statista.
This, however, is not the first instance where researchers have pointed out vulnerabilities in 4G. According to a 13 June press release by Positive Technologies, one in three 4G networks tested were found to be at risk of telecom fraud, enabling cyber attackers to use mobile services for free and potentially sell access to third parties. Subscriber privacy also remains at risk: all 4G networks tested allow attackers to track subscriber locations. In March, a team of security researchers from Purdue University and the University of Iowa pointed out that they had conducted a series of tests to analyse the security around some critical procedures that are necessary for the reliable functioning of the 4G LTE protocol.