4g lte network protocol vulnerability discovered by researchers

Source: Internet
Author: User

4g lte network protocol vulnerability discovered by researchers

Recently, four US university researchers have discovered problems with the 4g lte protocol. This vulnerability can be exploited to fabricate false information and monitor users and address tracking.

In the current phase of 5G deployment, we should also pay attention to the 4G problem discovered this time: the vulnerability is found in the LTE protocol, which means the vulnerability may affect the entire industry.

The researchers who discovered the vulnerabilities were from the University of Pudu and the University of Iowa. Vulnerabilities can affect user devices:

1. connection: the process of associating a user's device with the network (for example, a user opens a mobile phone)

2. Separation: the user closes the device and the network is disconnected from the device (for example, network verification cannot be performed due to poor signal quality)

3. Paging: This part is part of the call establishment. It is usually used to force the device to obtain system information again and for emergency alarms.

In his thesis (PDF), researchers described a vulnerability attack tool named LTEInspector, which can run 10 completely new attack methods. The biggest impact is relay attacks. They can replay the verification and allow attackers to impersonate victims to access the network. In this way, even if the user is in Paris, the location information can be changed to London to form a perfect proof of absence.

Even more worrying, researchers have also expressed doubts about the feasibility of vulnerability fixing in their papers: It is difficult to add additional security performance fixes based on existing protocols.

Protocol layer attack

Attack methods against connection links include forging attach_request information from malicious devices to prevent connections to the victim's mobile phone; tracking users through malicious nodes (using the security_mode_command command to perform "trackable attacks "); A service interruption attack that injects malicious control commands and uses malicious nodes (such as Stingray ).

The paging attack can exhaust the victim's battery and force the target device to reconnect to the network. Attacks against the separation Protocol also require victims to connect to malicious nodes.

Advanced tool: LTEInspector

The attack tool released by the research team is LTEInspector, which treats it as a "lazy" Combination of a model checker and encryption protocol verification. When used, LTEInspector can automatically check the process and operation sequence, build and encrypt messages, and perform other rich constraints.

LTEInspector checks the following properties of the device: authenticity/prohibition of counterfeiting), availability/prevention of denial of service, integrity/restriction of unauthorized, and confidentiality of user sensitive information/prevention of activity analysis.

Reference Source: theregister

This article permanently updates link: https://www.bkjia.com/Linux/2018-03/151209.htm

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.