A group of researchers discovered a number of weaknesses in the 4G LTE networks that could be exploited by attackers to eavesdrop on phone calls and text messages, knock devices offline, track location, and spoof emergency alerts.
A group of researchers from Purdue and the University of Iowa have discovered a number of vulnerabilities affecting the 4G LTE networks that could be exploited by attackers to eavesdrop on phone calls and text messages, knock devices offline, track location, and spoof emergency alerts.
The experts detailed ten different attacks in a research paper, the experts leverage weaknesses in three critical protocol operations of the cellular network, such as securely attaching a device to 4G LTE networks and maintaining a connection to receive calls and messages.
“In this paper, we investigate the security and privacy of the three critical procedures of the 4G LTE protocol (i.e., attach, detach, and paging), and in the process, uncover potential design flaws of the protocol and unsafe practices employed by the stakeholders.” reads the paper published by the experts.”For exposing vulnerabilities, we propose a model based testing approach LTEInspector which lazily combines a symbolic model checker and a cryptographic protocol verifier in the symbolic attacker model.”
The researchers devised a testing framework dubbed LTEInspector that they used to detect vulnerabilities in LTE radios and networks.
The group tested eight of the ten attacks using SIM cards from four large US carriers.