4G LTE vulnerability allows pretending to be any device on the mobile network

Tomcat



A joint team of researchers from the Ruhr and New York Universities has developed a new attack method that allows you to impersonate a legitimate user on a mobile network. The technique, dubbed IMP4GT (IMPersonation Attacks in 4G NeTworks), exploits a vulnerability in 4G LTE, namely the lack of protection of the integrity of user data in LTE.

When subscriber equipment connects to or is activated in the network, the network launches the Authentication and Key Agreement (AKA) procedure. The purpose of this procedure is to mutually authenticate the subscriber and the network and to generate an intermediate KASME key. In LTE networks, mutual authentication occurs on the control plane, but there is no integrity check of user data on the user plane, which an attacker can use to manipulate and redirect IP packets.

In addition to the lack of integrity checking, the IMP4GT attack exploits the reflection mechanism in the IP stack of the mobile operating system. The experts described two attack scenarios affecting the upstream and downstream channels of the network. In the first case, the attacker pretends to be a legitimate device on the network and can use any site under the guise of a victim. In this case, all traffic generated by the attacker will be associated with the victim's IP address.

In the second case, the attacker can establish a TCP/IP connection with the phone and bypass any LTE firewall mechanism (this does not apply to protection mechanisms above the IP layer).

According to the researchers, an attacker could impersonate a device or network at the IP level and send or receive IP packets disguised as a stolen identity, but an attacker would not be able to access private email accounts or instant messengers, make calls, or break TLS encryption. In addition, such an attack is quite difficult to implement, since it will require special skills and equipment, and the attacker himself must be near the victim.

Specialists will present more detailed information about the IMP4GT method at the NDSS Symposium 2020 conference, which will be held at the end of February in San Diego.
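An added illustration, not part of the original post or the researchers' material, of why encryption without an integrity check leaves user data modifiable and how a MAC detects the change. It assumes the user-plane cipher XORs a keystream into the data, which the post does not state; the SHA-256 keystream, keys, addresses and simplified packet layout are constructed stand-ins.

```python
import hashlib
import hmac
import ipaddress

ENC_KEY, INT_KEY, COUNT = b"constructed-enc-key", b"constructed-int-key", 7
DST = ipaddress.IPv4Address("192.0.2.10").packed      # constructed destination
OTHER = ipaddress.IPv4Address("198.51.100.7").packed  # constructed replacement
PACKET = DST + b"constructed user-plane payload"      # simplified, not a real IP header

def keystream(key, count, n):
    """Toy counter-mode keystream from SHA-256; a stand-in, not an LTE algorithm."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + count.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key, count, data):
    """Encrypt or decrypt: XOR with the keystream works in both directions."""
    return xor(data, keystream(key, count, len(data)))

def mac(key, count, ciphertext):
    return hmac.new(key, count.to_bytes(4, "big") + ciphertext, hashlib.sha256).digest()[:8]

def protect(plaintext):
    """Encrypt, then append a MAC over counter and ciphertext."""
    ct = crypt(ENC_KEY, COUNT, plaintext)
    return ct + mac(INT_KEY, COUNT, ct)

def unprotect(frame):
    """Return the plaintext, or None when the MAC does not verify."""
    ct, tag = frame[:-8], frame[-8:]
    if not hmac.compare_digest(tag, mac(INT_KEY, COUNT, ct)):
        return None
    return crypt(ENC_KEY, COUNT, ct)

def modify_in_transit(data, known, wanted):
    """Model an in-path change: XOR (known ^ wanted) into the leading bytes, no key needed."""
    delta = xor(known, wanted)
    return xor(data[:len(delta)], delta) + data[len(delta):]

def demo():
    encrypted_only = modify_in_transit(crypt(ENC_KEY, COUNT, PACKET), DST, OTHER)
    with_integrity = modify_in_transit(protect(PACKET), DST, OTHER)
    return crypt(ENC_KEY, COUNT, encrypted_only), unprotect(with_integrity)

if __name__ == "__main__":
    print(demo())
```

The encrypted-only packet decrypts cleanly with a different address field, while the integrity-protected frame is rejected.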