Cyberattackers can identify which websites users visit and reroute them to scam websites by abusing security weaknesses in the LTE mobile telephony standard, researchers at Ruhr-Universitat Bochum in Germany have found. They determined all devices using LTE or 4G are affected, and the weaknesses, which are impossible to close, are still present in the upcoming 5G mobile telephony standard.
Under the 4G and upcoming 5G standards, the payload transmitted via LTE is encrypted, but its integrity is not verified. "An attacker can alter the encrypted data stream and reroute the messages to his own server without alerting the user," warns Ruhr-Universitat Bochum's David Rupprecht.
Attackers can also use special equipment to intercept the communication between the phone and the base station, and reroute the user to a fake website by altering the messages, Rupprecht says.
From Ruhr-University Bochum
View Full Article
Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA
No entries found