HACKERS COULD HIJACK your browsing session and snoop on the websites you visit over an LTE connection using an attack called aLTEr.
According to university researchers, the attack technique abuses a second layer of LTE connectivity called the data link layer, normally designed to protect data going across LTE with encryption, as well as organising how resources are accessed on the network and correcting transmission errors.
But aLTEr has been designed to redirect network requests and hijack browsing sessions, as well as redirect network requests, through DNS spoofing.
"The aLTEr attack exploits the fact that LTE user data is encrypted in counter mode (AES-CTR) but not integrity protected, which allows us to modify the message payload: the encryption algorithm is malleable, and an adversary can modify a ciphertext into another ciphertext which later decrypts to a related plaintext," explained David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper, from Ruhr-Universität Bochum and New York University Abu Dhabi.
The attack works by creating a malicious cell tower between the victim and a legitimate cell tower, which poses as both a cell tower of the network the victim is trying to connect to and pretend to be the victim when connecting to a legitimate cell tower.
Once a connection is made, the fake cell tower takes requests from the victim and passes them on to the real cell tower, but modifying data points before it does so. From here DNS server requests can be modified and spoofed, essentially allowing hackers to sent victims to malicious websites posing as legitimate ones where data such as usernames and passwords could be swiped.
The viability of such an attack is arguably open to interpretation, as a hacker would need some $4,000 worth of equipment to carry it out and would need to be within a mile radius of the malicious relay.
Furthermore, the attack is mitigated by people visiting websites that use the more secure HTTPS protocol, though there are still plenty of websites that lag behind in adoption that standard, despite the efforts of Google.
"We conducted the attacks in an experimental setup in our lab that depends on special hardware and a controlled environment. These requirements are, at the moment, hard to meet in real LTE networks. However, with some engineering effort, our attacks can also be performed in the wild," the researchers said.
But the security hole can't really be patched without the LTE network protocol getting a complete overhaul, which according to the researchers isn't really feasible at the moment.
While aLTEr is but the fruits of lab work and has yet to be exploited out in the wild, it does demonstrate that LTE is perhaps not quite as secure as many first thought.
There's a chance the rollout of 5G could bypass this LTE security flaw, but for the time being it's worth being aware of what sites and services your phone is attempting to connect to and check how legitimate they are. µ
Firm quietly closes down hardware initiatives launched following Windows 8
Another day, another Trump trip-up
So-called 'Beyond X' will be firm's highest-spec Galaxy smartphone yet
Val-deri, val-dera, my cutting edge mapping sensors on my back