LTE Flaw Allows Attackers to Hijack Users’ Browsing Session

Researchers have detected a security flaw in the 4G LTE network, one of the largest connectivity options used on mobile platforms.

Accessing the internet became easy with the arrival of smartphones and with each generation of connectivity software, one could get better speeds.

With 4G, you not only got speed, but security as well.

But a recent research report has found that there is a vulnerability in 4G LTE that is capable of permitting a hacker to break in and cause serious mischief.

In today’s context, it has been established that there are more smartphone users who are using their devices to access the internet than there are PC users.

This has led to more apps being created for the mobile users, with every website giving a lot of importance to their mobile platforms.

There is the increasing trend of using mobile apps to perform financial transactions and under those circumstances, the security of the device gains a lot of importance.

The Vulnerability Is Known by the Name aLTEr

The experts who discovered the vulnerability hail from two different teams—three researchers are from Germany and the fourth one from the UAE, all at the university level.

In a dedicated website showing their research, the experts explained that they found three kinds of flaws in the LTE (Long Term Evolution) or 4G internet connectivity network.

Out of these, the first two were found to be more passive, in the sense that they would just collect information on your browsing activity, as well as the details of the sites you visited using the service.

The third vulnerability is the one garnering the most concern. This relates to the exploit that they have given the name “aLTEr.”

It has the capability to redirect the browser to sites which you would not prefer to visit. The researchers have found that the flaw is linked to LTE’s second layer and that it is an inherent design flaw.

Lack of Integrity Protection the Main Flaw

On the face of it, the 4G LTE network is assessed to be a fairly secure one, particularly when compared to the previous versions, 2G and 3G.

However, now that this flaw has been detected and publicly reported, it is for the institutions directly involved in the development of these technologies to handle the problem.

These include the 3rd Generation Partnership Project (3GPP), the GSM Association and the internet service providers (ISPs) which have a large stake in the technology.

As the researchers explained, the flaw is a lack of adequate integrity protection.

As they explain it, encryption in counter mode without integrity protection is the weak point, and attackers exploit it to alter the message payload.

The altered payload is used to redirect DNS requests and carry out DNS spoofing attacks, which results in the browser being directed to malicious sites.
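The following is an added example, not code from the researchers or from this article, showing why counter-mode encryption alone does not stop a payload from being altered and how an integrity tag exposes the change. The SHA-256 keystream (a stand-in for the real LTE cipher), the HMAC tag, the packet layout, the keys and the documentation-range addresses are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
import ipaddress

def keystream(key: bytes, count: int, length: int) -> bytes:
    # Toy counter-mode keystream (SHA-256 of key, counter, block index);
    # an assumption standing in for the real LTE cipher.
    out = b""
    for block in range((length + 31) // 32):
        out += hashlib.sha256(key + count.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
    return out[:length]

def ctr_xor(key: bytes, count: int, data: bytes) -> bytes:
    # Encryption and decryption are the same XOR in counter mode.
    return bytes(d ^ k for d, k in zip(data, keystream(key, count, len(data))))

def tag(mac_key: bytes, count: int, ciphertext: bytes) -> bytes:
    # Integrity tag over counter and ciphertext (HMAC-SHA256, a hypothetical choice).
    return hmac.new(mac_key, count.to_bytes(4, "big") + ciphertext, hashlib.sha256).digest()

def alter_field(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    # No key involved: XORing (known ^ wanted) into the ciphertext flips the
    # same bits in the plaintext the receiver will decrypt.
    out = bytearray(ciphertext)
    for i, (k, w) in enumerate(zip(known, wanted)):
        out[offset + i] ^= k ^ w
    return bytes(out)

def demo():
    enc_key, mac_key, count = b"E" * 16, b"M" * 16, 7       # constructed values
    resolver = ipaddress.ip_address("192.0.2.53").packed     # documentation range
    other = ipaddress.ip_address("198.51.100.7").packed      # documentation range
    packet = resolver + b"query example.test"                # constructed: 4-byte destination + payload
    ciphertext = ctr_xor(enc_key, count, packet)
    sent_tag = tag(mac_key, count, ciphertext)
    altered = alter_field(ciphertext, 0, resolver, other)
    # Receiver without integrity protection: decrypts and trusts the result.
    received = ctr_xor(enc_key, count, altered)
    dst = str(ipaddress.ip_address(received[:4]))
    # Receiver with integrity protection: recomputes the tag before decrypting.
    accepted = hmac.compare_digest(tag(mac_key, count, altered), sent_tag)
    return dst, received[4:], accepted

if __name__ == "__main__":
    print(demo())
```

The decrypted destination changes while the rest of the payload stays intact, and only the tag comparison reveals that the ciphertext was modified in transit.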

Not Easy to Carry out the Hack


Having said all the above, experts add that it is not very easy to perform a hack within the 4G LTE network.

For one, the hacker has to be close to the device being hacked, within a one-mile radius.

Even the hardware needed to perform the hack could be beyond the reach of an average hacker.

The cost of the equipment could be as much as $4,000.

But for groups that get backing from governments or establishments, this may not be an issue.

This is more or less the stance taken by the GSM Association as well.

While admitting that the integrity protection issue is present, they have pointed out that the user can take certain precautions to avoid falling victim to the exploit.

One of these has to do with avoiding sites which don’t carry the HTTPS certification. You may be aware that as you type the URL on the browser, the green band indicates that the site has the required security certification.

Another contention by the Association is that the researchers have demonstrated only a laboratory-level incident, which cannot practically be replicated in a real-world situation. The Association has to work on the 5G technology as well.
