Over the past few years, Fourth Generation Long Term Evolution or 4G LTE has become the standard for cellular communications. Security vulnerabilities affecting 4G LTE need to be taken seriously as any disruption to the network can have serious consequences to life in 2018 and beyond. Billions of people around the world depend on the integrity of 4G LTE for daily activities in both their personal and professional lives.
A recent study conducted by a group of researchers from Purdue and Iowa University has uncovered a bundle of vulnerabilities affecting 4G LTE cellular networks. These protocol level vulnerabilities can be exploited for malicious purposes in numerous ways. The researchers have proven that these flaws can allow an attacker to intercept calls and text messages, kick a device off of the network, and even track a user’s location. These may sound like far-fetched scenarios; however eight of the ten attacks discovered have been proven in a testing environment using devices with SIM cards from real US carriers.
All of these potential attack scenarios are made possible by authentication relay attacks. A successful authentication relay attack will allow an attacker to bypass network authentication defenses without any legitimate credentials and disguise their identity. Once authenticated an attacker has access to the network core where they can essentially block a target device from receiving notifications altogether.
The major cellular carriers have been notified of these flaws and are in the process of releasing fixes. The research team has agreed to not release their proof of concept code until the fixes have been applied. Perhaps the most troubling part of this story is that these types of attacks can be conducted for as little as $1,300, which is negligible to a well-organized criminal effort