H5N1 novel query newspaper [PDF] of late published yesteryear researchers at Purdue University in addition to the University of Iowa details 10 novel cyber attacks against the 4G LTE wireless information communications technology scientific discipline for mobile devices in addition to information terminals.
The attacks exploit blueprint weaknesses inwards iii fundamental protocol procedures of the 4G LTE network known equally attach, detach, in addition to paging.
Unlike many previous research, these aren't only theoretical attacks. The researchers employed a systematic model-based adversarial testing approach, which they called LTEInspector, in addition to were able to exam 8 of the 10 attacks inwards a existent testbed using SIM cards from 4 large the States carriers.
- Authentication Synchronization Failure Attack
- Traceability Attack
- Numb Attack
- Authentication Relay Attack
- Detach/Downgrade Attack
- Paging Channel Hijacking Attack
- Stealthy Kicking-off Attack
- Panic Attack
- Energy Depletion Attack
- Linkability Attack
Among the above-listed attacks, researchers regard an authentication relay assault is especially worrying, equally it lets an aggressor connect to a 4G LTE network yesteryear impersonating a victim's telephone issue without whatever legitimate credentials.
"Through this assault the adversary tin laissez passer notice poisonous substance the place of the victim device inwards the substance networks, hence allowing setting upwardly a mistaken alibi or planting mistaken show during a criminal investigation," the study said.
Other notable attacks reported yesteryear the researchers could allow attackers to obtain victim’s coarse-grained place information (linkability attack) in addition to launch denial of service (DoS) assault against the device in addition to accept it offline (detach attack).
"Using LTEInspector, nosotros obtained the intuition of an assault which enables an adversary to mayhap hijack a cellular device’s paging channel amongst which it tin laissez passer notice non only halt notifications (e.g., call, SMS) to accomplish the device but equally good tin laissez passer notice inject fabricated messages resulting inwards multiple implications including liberate energy depletion in addition to action profiling," the newspaper reads.
Using panic attack, attackers tin laissez passer notice do artificial chaos yesteryear broadcasting mistaken emergency messages almost life-threatening attacks or riots to a large issue of users inwards an area.
What's interesting almost these attacks is that many of these tin laissez passer notice live on carried out for $1,300 to $3,900 using relatively low-cost USRP devices available inwards the market.
Researchers direct keep no plans to release the proof-of-concept code for these attacks until the flaws are fixed.
Although at that spot are roughly possible defenses against these observed attacks, the researchers refrained from discussing one.
The newspaper reads: "retrospectively adding safety into an existing protocol without breaking backward compatibility frequently yields band-aid-like-solutions which do non concur upwardly nether extreme scrutiny."
"It is equally good non clear, especially, for the authentication relay assault whether a defence forcefulness exists that does non demand major infrastructural or protocol overhaul," it adds. "A possibility is to employ a distance-bounding protocol; realization of such protocol is, however, rare inwards practice."The vulnerabilities are most worrying that i time once again heighten concerns almost the safety of the jail cellphone standards inwards the existent world, potentially having an industry-wide impact.
