The problems are related to the use of a weak cryptoalgorithm and the lack of proper integrity checking when transmitting packets.
A joint group of researchers from the Ruhr and New York Universities published a report in which they described three types of attacks that exploit vulnerabilities in the 4G LTE standard. Two of them are passive and allow you to track LTE traffic and find out various details about the target. With the help of the third, called aLTEr, attackers can spoof data sent to the device and determine which sites the victim visits from the gadget.
Researchers tested the aLTER attack in a series of experiments in which they managed to redirect users to malicious sites by spoofing DNS packets. A video demonstrating the process is presented below:
All three vulnerabilities affect the Data Link layer (Layer 2) of 4G LTE. The problems are related to the lack of proper integrity checking during packet transmission, which provides attackers with the ability to intercept and modify encrypted 4G data packets and then relay them to cell towers. Attacks cannot be carried out remotely - the attacker must be close and force the user to connect to his device.
According to experts, the vulnerabilities also affect the 5G standard in its current form. Although the standard provides additional security features to protect against aLTEr attack, they are currently optional.
The team has already shared information on the vulnerabilities with the International Association of Mobile Operators (GSM Association), the 3GPP consortium (develops specifications for mobile telephony) and a number of telecom companies.
