Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday March 06 2018, @03:44PM   Printer-friendly
from the good-protocols-gone-bad dept.

A group of American university researchers have broken key 4G LTE protocols to generate fake messages, snoop on users, and forge user location data.

Those working on the coming 5G protocols should take note: the vulnerabilities are most worrying because they're written into the LTE protocols, and could therefore have an industry-wide impact.

Identified by Purdue University's Syed Rafiul Hussain, Shagufta Mehnaz and Elisa Bertino with the University of Iowa's Omar Chowdhury, the protocol procedures affected are:

  • Attach – the procedure that associates a subscriber device with the network (for example, when you switch the phone on);
  • Detach – occurs when you switch your device off, or if the network disconnects from the device (for example because of poor signal quality, or because the phone can't authenticate to the network); and
  • Paging – this protocol is part of call setup, to force the device to re-acquire system information, and in emergency warning applications.

The researchers' paper (PDF) describes an attack tool called LTEInspector, which the researchers said found exploitable vulnerabilities that resulted in "10 new attacks and nine prior attacks” (detecting old vulnerabilities helped the researchers validate that the new vulns were genuine).


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Wednesday March 07 2018, @09:26AM

    by Anonymous Coward on Wednesday March 07 2018, @09:26AM (#648930)

    The gov certainly can compel businesses do anything. But I bet they wouldn't like to appear to be overreaching and like an all-seeing-eye in the pretend democracy. And then there is the funny idea of American exceptionalism, maybe these idiots think that no other party posesses the capability that good old yanks do, meaning if there is a clever backdoor, nobody else will find it. Sure it will take more than whistling into a handset but if one person can do something, somebody else also will, if not now then possibly very soon. And it would certainly cut some red tape not having to ask for anything but just take it...

    So perhaps the first theory is correct after all because of incompetence rather than malice of the gov.

    The level of incompetence displayed by various supposedly highly prodessional organizations never ceases to amaze me. It's like they have no actual 1) managers 2) experts. And the "compensation" and bonuses of various kinds they enjoy are out of this world and should their house of cards fall, they get to deploy amazing golden parachutes, every time. It has heads-I-win-tails-you-lose all over it.

    /morning rant