Vulnerabilities in 4G LTE networks could lead to attackers using your identity to send messages or intercept your messages.
Discovered by Purdue University and University of Iowa academics, the vulnerabilities affect the core protocols which power 4G LTE mobile networks worldwide.
The team discovered ten new vulnerabilities and nine that were previously known about, using a special tool named LTEInspector.
Mark James, ESET IT Security Specialist, explores this weakness and the possible implications of vulnerabilities in such a widely used system.
“In the modern digital world there are certain delivery methods we can trust and some methods we need to be cautious of.
“For instance when we receive an email we nearly always treat it with some level ofscepticism before either discarding it as spam or acting on the info.
“Mobile SMS texts and messages however, already hold a higher level of trust than emails as it’s often treated as a much harder platform to spoof than emails.
“These flaws in the 4G LTE network could enable an attacker to “connect to a 4G LTE network using another user's identity, send messages on behalf of another user, intercept messages meant for that user, spoof the location of a mobile device, and even force other devices to disconnect from a mobile network.” Any of these features could be used for nefarious purposes.
“We will often treat a text message from a user we know as “honest” over and above an email.
“In some cases we even use SMS texts as a means to deliver Two-Factor Authentication (2FA) codes. If this process was used to intercept those particular messages someone could in theory have the capability to login with stolen credentials even if an extra security procedure like 2FA was used.”
Full details of the vulnerability can be found in this article.
Would you avoid using 4G knowing about this vulnerability? Let us know on Twitter @ESETUK.