Sign In

Communications of the ACM

ACM TechNews

Security Gaps Identified in LTE Mobile Telephony Standard


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
smartphone

All devices using the LTE network, including most mobile phones and tablets, are affected by the security gap.

Cyberattackers can identify which websites users visit and reroute them to scam websites by abusing security weaknesses in the LTE mobile telephony standard, researchers at Ruhr-Universitat Bochum in Germany have found. They determined all devices using LTE or 4G are affected, and the weaknesses, which are impossible to close, are still present in the upcoming 5G mobile telephony standard.

Under the 4G and upcoming 5G standards, the payload transmitted via LTE is encrypted, but its integrity is not verified. "An attacker can alter the encrypted data stream and reroute the messages to his own server without alerting the user," warns Ruhr-Universitat Bochum's David Rupprecht.

Attackers can also use special equipment to intercept the communication between the phone and the base station, and reroute the user to a fake website by altering the messages, Rupprecht says.

From Ruhr-University Bochum
View Full Article

 

Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA


 

No entries found