SECURITY BOFFINS at the Korea Institute of Science & Technology have identified 36 security flaws in the 4G LTE standard used by mobile networks and devices worldwide.
In a research paper [PDF], they claim to have found vulnerabilities enabling attackers to eavesdrop and access user data traffic, distribute spoofed text messages, interrupt communications between base station and phones, block calls and disconnect users from the network.
Although plenty of research on LTE security vulnerabilities has been published in the past, what sets this study apart is the number of flaws identified and the way in which the researchers found them.
Using a technique called "fuzzing", the researchers claim that they came across 51 vulnerabilities in total. While 15 had been previously detailed, 36 of them are new.
"Based on the security property, LTEFuzz generates and sends the test cases to a target network, and classifies the problematic behaviour by only monitoring the device-side logs," wrote the researchers.
"Accordingly, we uncovered 36 vulnerabilities, which have not been disclosed previously. These findings are categorised into five types: Improper handling of (1) unprotected initial procedure, (2) crafted plain requests, (3) messages with invalid integrity protection, (4) replayed messages, and (5) security procedure bypass."
The researchers also investigated how these flaws can differ based on context and environment. For example, a single carrier could have different vulnerabilities on two different devices, or a single device that uses two different networks could experience varying flaws.
"This shows that neither the device vendors nor the carriers have checked the security of their network components carefully. In addition, LTEFuzz was able to uncover vulnerabilities in baseband chipsets from Qualcomm and HiSilicon," they added.
Since publishing the research, the researchers have alerted the 3GPP, the GSMA and vendors of the newly found vulnerabilities.
They concluded by saying: "We plan to privately release LTEFuzz to these carriers and vendors in the near future. A public release is not planned as LTEFuzz can be used for malicious purposes."
This news comes at a time when network operators and vendors are preparing for the emergence of 5G, which will succeed 4G and cater to the expanding IoT ecosystem.