Carriers have already started the rollout of the next generation of cellular connectivity, known as 5G, but millions of people still rely on LTE (also known as 4G) for mobile data and will continue to do so for years to come.
4G may be slowly making its way out, but due to its widespread adoption, it is still important to detect and resolve any vulnerabilities that exist in the aging standard. The security and privacy of millions depend on it!
This is exactly what a group of researchers sought to find out. Read on and you won’t believe how many security flaws they’ve managed to unearth in the current LTE mobile network standard.
36 new security flaws found in LTE
Security researchers from South Korea have identified 36 new vulnerabilities in LTE mobile networks, the worst of which could allow attackers to send fake text messages and snoop on and control data traffic.
The four-man team from the Korea Advanced Institute of Science and Technology (KAIST) published the new findings in a new report documenting the methodology and scope of their study. Note: The team is planning to present this research paper at the IEEE Symposium on Security and Privacy in May.
How the LTE vulnerabilities were found
All in all, the KAIST team discovered 51 vulnerabilities in the LTE standard. While 15 of these vulnerabilities are already known, 36 of them are new, varying in scope and severity.
To detect the weaknesses, the researchers used a technique called “fuzzing.” Using a tool called “LTEFuzz,” they sent massive amounts of random data or “fuzz” to their test networks to pinpoint the presence of security vulnerabilities.
One of the potential attacks they found was a way to disconnect a user from their cellphone network while another could allow an attacker to send spoofed text messages.
However, the most serious flaw could allow an attacker to control and eavesdrop on a user’s data traffic itself.
The LTE problems could get worse
Although the vulnerabilities were all exploited in controlled environments via proof-of-concept attacks, these findings revealed a few alarming insights about the current state of our LTE networks.
First, their tests showed that different hardware types don’t share the same vulnerabilities even when connected to the same carrier.
Second, the same hardware from a single manufacturer showed different security flaws when used on two separate carriers: the same cellphone model on AT&T and on Verizon, for example.
Sadly, this means that neither the hardware vendors nor the carriers have scrutinized the security of their LTE networks carefully. And since the flaws were discovered in the LTE protocol itself and how the carriers and vendors implemented the LTE standard in their devices, the researchers fear that similar flaws exist in the real world.
Due to these findings, the KAIST researchers said that they will not release the LTEFuzz tool to the public since it can be maliciously used. However, they are planning to privately share the tool with carriers and hardware vendors soon.
Are there security holes in 5G too?
Although LTE will eventually be replaced by the next-generation 5G cellular standard, security researchers have already managed to poke holes in 5G technology itself, right out of the gate.
Rolled out barely a few months ago, 5G was similarly found vulnerable to attacks that can be used to track someone’s location, intercept phone calls and send fraudulent text messages.