4G LTE network protocol vulnerabilities discovered by researchers
Four researchers from US universities recently discovered problems in the 4G LTE protocol. The vulnerabilities can be exploited to fabricate false information, monitor users, and track their location.
Even in the current phase of 5G deployment, the 4G problems discovered this time deserve attention: the vulnerabilities are in the LTE protocol itself, which means they may affect the entire industry.
The researchers who discovered the vulnerabilities are from Purdue University and the University of Iowa. The vulnerabilities affect the following procedures on user devices:
1. Connection (attach): the process of associating a user's device with the network (for example, when a user switches on a mobile phone)
2. Separation (detach): the user switches off the device and the network is disconnected from the device (for example, when network verification cannot be performed due to poor signal quality)
3. Paging: part of call establishment. It is also commonly used to force the device to re-acquire system information and for emergency alerts.
In their paper (PDF), the researchers describe a vulnerability attack tool named LTEInspector, which can run 10 completely new attack methods. The attack with the biggest impact is the relay attack: attackers can replay the authentication and impersonate a victim to access the network. In this way, even if the user is in Paris, the location information can be changed to London, creating a perfect alibi.
Even more worrying, the researchers also express doubts in their paper about whether the vulnerabilities can be fixed: it is difficult to add further security fixes on top of the existing protocols.
Protocol layer attack
Attacks against the connection (attach) procedure include: forging attach_request messages from a malicious device to prevent the victim's mobile phone from connecting; tracking users through malicious nodes (using the security_mode_command command to perform "trackable attacks"); and service-interruption attacks that inject malicious control commands through malicious nodes (such as a Stingray).
The paging attack can exhaust the victim's battery and force the target device to reconnect to the network. Attacks against the separation (detach) procedure also require the victim to connect to a malicious node.
Advanced tool: LTEInspector
The attack tool released by the research team is LTEInspector, which the team describes as a "lazy" combination of a model checker and a cryptographic protocol verifier. When used, LTEInspector can automatically check the ordering of procedures and operations, build and encrypt messages, and handle other rich constraints.
LTEInspector checks the following properties of the device: authenticity (prohibition of counterfeiting), availability (prevention of denial of service), integrity (restriction of unauthorized), and confidentiality of user-sensitive information (prevention of activity analysis).
Reference source: The Register
Permanent link to this article: https://www.bkjia.com/Linux/2018-03/151209.htm