2 weeks ago

brand-new 4G LTE Network Attacks Let Hackers Spy, Track, Spoof along with Spam


Security researchers have discovered a set of severe vulnerabilities in 4G LTE protocol which could be exploited to spy on user phone calls along with text messages, send fake emergency alerts, spoof location of the device along with even knock devices entirely offline.

A brand-new research paper [PDF] recently published by researchers at Purdue University along with the University of Iowa details 10 brand-new cyber attacks against the 4G LTE wireless data communications technology for mobile devices along with data terminals.

The attacks exploit design weaknesses in three key protocol procedures of the 4G LTE network known as attach, detach, along with paging.

Unlike many previous research, these aren’t just theoretical attacks. The researchers employed a systematic style-based adversarial testing approach, which they called LTEInspector, along with were able to test 8 of the 10 attacks in a real testbed using SIM cards by four large US carriers.

  1. Authentication Synchronization Failure Attack
  2. Traceability Attack
  3. Numb Attack
  4. Authentication Relay Attack
  5. Detach/Downgrade Attack
  6. Paging Channel Hijacking Attack
  7. Stealthy Kicking-off Attack
  8. Panic Attack
  9. Energy Depletion Attack
  10. Linkability Attack

Among the above-listed attacks, researchers consider an authentication relay attack will be particularly worrying, as This particular lets an attacker connect to a 4G LTE network by impersonating a victim’s phone number without any legitimate credentials.


This particular attack could not only allow a hacker to compromise the cellular network to read incoming along with outgoing messages of the victims although also frame someone else for the crime.

“Through This particular attack the adversary can poison the location of the victim device inside the core networks, thus allowing setting up a false alibi or planting fake evidence during a criminal investigation,” the report said.

various other notable attacks reported by the researchers could allow attackers to obtain victim’s coarse-grained location information (linkability attack) along with launch denial of service (DoS) attack against the device along with take This particular offline (detach attack).

“Using LTEInspector, we obtained the intuition of an attack which enables an adversary to possibly hijack a cellular device’s paging channel with which This particular can not only stop notifications (e.g., call, SMS) to reach the device although also can inject fabricated messages resulting in multiple implications including energy depletion along with activity profiling,” the paper reads.

Using panic attack, attackers can create artificial chaos by broadcasting fake emergency messages about life-threatening attacks or riots to a large number of users in an area.

What’s interesting about these attacks will be which many of these can be carried out for $1,300 to $3,900 using relatively low-cost USRP devices available inside the market.

Researchers have no plans to Discharge the proof-of-concept code for these attacks until the flaws are fixed.

Although there are some possible defenses against these observed attacks, the researchers refrained by discussing one.

The paper reads: “retrospectively adding security into an existing protocol without breaking backward compatibility often yields band-aid-like-solutions which do not hold up under extreme scrutiny.”

“This particular will be also not clear, especially, for the authentication relay attack whether a defense exists which does not require major infrastructural or protocol overhaul,” This particular adds. “A possibility will be to employ a distance-bounding protocol; realization of such protocol will be, however, rare in practice.”

The vulnerabilities are most worrying which Once more raise concerns about the security of the cell standards inside the real world, potentially having an industry-wide impact.

Article Categories:
Security Hacks

Leave a Comment

Your email address will not be published. Required fields are marked *

2 + thirteen =