LTE security vulnerabilities allow hackers to send false emergency alerts

LTE security vulnerabilities allow hackers to send false emergency alerts

Any electronic technology may have security vulnerabilities, even the mobile network technology itself is no exception. Researchers at the U. S. Pudu University and the University of Iowa have published a report describing the existence of severe security vulnerabilities in the LTE protocol, allowing hackers to launch 10 different attacks, this includes monitoring messages and phone content without sound information, tracking location information, taking devices offline, and even issuing false emergency alerts. Hackers can initiate identity verification relay attacks to attack targets after obtaining control of three major communication protocols (including protocols that connect devices to the network and maintain connections, not only can they lose their creden。 to connect to the network, but they can also impersonate their devices. In other words, hackers not only affect the use of the Internet, but also target others for illegal behaviors.

The above findings are not based on theory. The research team tried to attack 10 SIM cards from four major U.S. network vendors in this way, eight of which were successfully affected.

Fortunately, the vulnerability stored in LTE itself is fixed, and it is reported that at least one network provider has already faced the problem. However, this was an amendment to the time competition because it was difficult for hackers to detect and exploit this vulnerability to launch attacks. In addition, the cost of this tool is not expensive. You only need to spend about $1,300 to buy a stable supply of parts on the market. Therefore, hackers do not have to have a lot of resources to perform this attack.

This discovery reminds the industry that security must be ensured before the implementation of new generation network standards. After all, it is easier to launch a product that has been well inspected than to make repairs and supplements after the launch.

Source: ZDNet

This article permanently updates link: https://www.bkjia.com/Linux/2018-03/151213.htm