Over the past few years, Fourth Generation Long Term
Evolution or 4G LTE has become the standard for cellular communications.
Security vulnerabilities affecting 4G LTE need to be taken seriously as any
disruption to the network can have serious consequences to life in 2018 and
beyond. Billions of people around the world depend on the integrity of 4G LTE
for daily activities in both their personal and professional lives.
A recent study conducted by a group of researchers from
Purdue and Iowa University has uncovered a bundle of vulnerabilities affecting
4G LTE cellular networks. These protocol level vulnerabilities can be exploited
for malicious purposes in numerous ways. The researchers have proven that these
flaws can allow an attacker to intercept calls and text messages, kick a device
off of the network, and even track a user’s location. These may sound like
far-fetched scenarios; however eight of the ten attacks discovered have been
proven in a testing environment using devices with SIM cards from real US
carriers.
All of these potential attack scenarios are made possible by
authentication relay attacks. A successful authentication relay attack will
allow an attacker to bypass network authentication defenses without any
legitimate credentials and disguise their identity. Once authenticated an
attacker has access to the network core where they can essentially block a
target device from receiving notifications altogether.
The major cellular carriers have been notified of these
flaws and are in the process of releasing fixes. The research team has agreed
to not release their proof of concept code until the fixes have been applied.
Perhaps the most troubling part of this story is that these types of attacks
can be conducted for as little as $1,300, which is negligible to a
well-organized criminal effort
Sources:
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/new- campaign-exploits-cve-2018-4878-anew-via-malicious-microsoft-word-documents
