
Flaws in LTE connections could direct users to malicious websites

By Koh Wanzi - on 2 Jul 2018, 11:43am


The Long Term Evolution (LTE) wireless standard used by billions today isn’t as secure as originally thought. Researchers have discovered flaws in the standard that allow attackers to send users to rogue websites, and there’s no way to patch them because they stem from design decisions made when the specification was still under development.

LTE was designed to fix weaknesses in the older Global System for Mobile communication (GSM) standard, and it implemented things like the use of proven encryption schemes and mutual authentication between end users and base stations.

However, the researchers found that LTE uses a form of encryption that doesn’t protect the integrity of data. Because the ciphertext is not authenticated, attackers can secretly manipulate the IP addresses within an encrypted packet.

This means that mobile devices can be tricked into using a malicious domain name system (DNS) server that then redirects users to a malicious server. In this way, attackers can take users to a website of their choice.
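The property described above, as an added example that is not from the article or the researchers: with XOR-keystream encryption and no integrity check, a field whose plaintext is known can be rewritten in the ciphertext without any key, while an encrypt-then-MAC receiver rejects the same change. The SHA-256 keystream is a stdlib stand-in for a counter-mode cipher, and the keys, packet layout and addresses are constructed.

```python
import hashlib, hmac, ipaddress

def keystream(key, nonce, n):
    # Stand-in counter-mode keystream from SHA-256 (assumption: replaces a real block cipher).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key, nonce, data):
    # Encryption and decryption are the same XOR with the keystream.
    return xor(data, keystream(key, nonce, len(data)))

def tag(mac_key, nonce, ct):
    return hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_checked(enc_key, mac_key, nonce, ct, t):
    # Encrypt-then-MAC receiver: verify the tag before decrypting.
    if not hmac.compare_digest(t, tag(mac_key, nonce, ct)):
        raise ValueError("integrity check failed")
    return crypt(enc_key, nonce, ct)

def demo():
    enc_key, mac_key, nonce = b"E" * 16, b"M" * 16, b"N" * 8  # constructed values
    old_dst = ipaddress.ip_address("192.0.2.53").packed       # constructed resolver address
    new_dst = ipaddress.ip_address("203.0.113.66").packed     # constructed substitute
    packet = b"SRC!" + old_dst + b"dns query bytes"           # constructed layout, dst at offset 4
    ct = crypt(enc_key, nonce, packet)
    t = tag(mac_key, nonce, ct)

    # No key involved: XOR (old value XOR new value) into the ciphertext field.
    delta = xor(old_dst, new_dst)
    tampered = ct[:4] + xor(ct[4:8], delta) + ct[8:]

    # Encryption only: the receiver decrypts cleanly and sees the new address.
    seen = crypt(enc_key, nonce, tampered)
    seen_dst = str(ipaddress.ip_address(seen[4:8]))
    # Encryption plus MAC: the same modification is rejected.
    try:
        open_checked(enc_key, mac_key, nonce, tampered, t)
        rejected = False
    except ValueError:
        rejected = True
    return seen_dst, seen[8:], rejected

if __name__ == "__main__":
    print(demo())
```

The rest of the packet decrypts unchanged, which is why a receiver without an integrity check has nothing to notice.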

Dubbed aLTEr, the attack requires that a hacker be in the proximity of their target. Special equipment is also required, so whoever is carrying out the attack is likely to be either a surveillance agency or someone else with a committed agenda.

This means that while the average user is probably at fairly low risk, prominent figures like politicians should be more wary.

The researchers also identified two more weaknesses, centered on how LTE maps users across a cellular network and how it leaks sensitive information about the data passing between end users and base stations.

An attacker could use a sniffing device near the user to intercept this information – for instance when and how much data is being used – and compare it to data “fingerprints” for popular websites. A match could allow someone to tell what site you’re visiting, even though your destination is supposed to be encrypted.

Unfortunately, since these vulnerabilities cannot be patched, the only recourse is to try to visit sites that use HTTP Strict Transport Security (HSTS) or DNS Security Extensions (DNSSEC), which isn’t always possible.

The researchers are calling urgently for the implementation of countermeasures in the upcoming 5G specification, so you won’t see a proper solution until 5G rolls out.

Source: Ars Technica
