Flaws in the LTE Mobile Communication Standard
Forget about that suspicious attachment in your mail or some shady website installing malware on your system: a flaw in the LTE mobile communication protocol used with 4G networks enables remote attackers to redirect traffic to websites of their choosing.
The flaw was discovered by a team of researchers, including Katharina Kohls, Christina Pöpper, Thorsten Holz, and David Rupprecht.
The team was able to impair the confidentiality or privacy of LTE communication, which means an attacker can identify users and then launch follow-up attacks. An attacker can also abuse the resource allocation to learn what websites a user visited.
The team also conducted the ALTER attack, which allowed them to modify the message payload.
“As a proof-of-concept demonstration, we show how an active attacker can redirect DNS requests and then perform a DNS spoofing attack. As a result, the user is redirected to a malicious website. Our experimental analysis demonstrates the real-world applicability of all three attacks and emphasizes the threat of open attack vectors on LTE layer two protocols,” wrote the team in a post.
According to the team, “All above-mentioned security issues are caused by a specification flaw within LTE. The ALTER attack exploits the fact that LTE user data is encrypted in counter mode (AES-CTR) but not integrity protected, which allows us to modify the message payload: the encryption algorithm is malleable, and an adversary can modify a ciphertext into another ciphertext, which later decrypts to a related plaintext.”
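The malleability the researchers describe, and the integrity check that closes it, can be shown in a few lines. This is an added example, not code from the researchers or from the LTE specification: it uses an HMAC-SHA256 counter-mode keystream as a stand-in for AES-CTR (the Python standard library has no AES, and the property is the same for any XOR keystream), and the keys, nonce, message and function names are all constructed for illustration.

```python
import hashlib
import hmac

def keystream(key, nonce, length):
    # Counter-mode keystream: PRF(key, nonce || counter) per block.
    # Assumption: HMAC-SHA256 stands in for the AES block cipher.
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key, nonce, data):
    # Encryption and decryption are the same XOR operation.
    return xor(data, keystream(key, nonce, len(data)))

def seal(enc_key, mac_key, nonce, plaintext):
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext.
    ct = ctr_crypt(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_checked(enc_key, mac_key, nonce, ct, tag):
    # Verify the tag before decrypting; return None on any mismatch.
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return ctr_crypt(enc_key, nonce, ct)

def flip(ct, offset, known, wanted):
    # Keyless edit: XOR (known ^ wanted) into the ciphertext at offset.
    delta = xor(known, wanted)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]

def demo():
    # Constructed keys, nonce and message (RFC 5737 documentation addresses).
    enc_key, mac_key, nonce = b"E" * 16, b"M" * 16, b"constructed-nonce"
    ct, tag = seal(enc_key, mac_key, nonce, b"dst=192.0.2.10;ttl=60")
    tampered = flip(ct, 4, b"192.0.2.10", b"192.0.2.99")
    unprotected = ctr_crypt(enc_key, nonce, tampered)  # no integrity check
    protected = open_checked(enc_key, mac_key, nonce, tampered, tag)
    intact = open_checked(enc_key, mac_key, nonce, ct, tag)
    return unprotected, protected, intact
```

Without the tag check the receiver accepts the edited field as genuine plaintext; with it, the same ciphertext is rejected before decryption while the untouched one still opens.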