Bug that helps hackers to impersonate
Date: 25 February 2020
Tags: IT, Mobile & Computers
Researchers have found a serious vulnerability in the LTE/4G mobile communication standard that can help hackers impersonate other phone users, for example to take out a streaming service subscription at your expense or to publish secret company documents under someone else’s identity.
The vulnerability, which affects virtually all mobile phones, tablets and some connected household appliances, may also hamper investigations by law enforcement agencies, because attackers can not only make purchases in the victim’s name but also access websites using the victim’s identity.
Mobile network operators would have to accept higher costs, as the additional protection generates more data during the transmission. In addition, all mobile phones would have to be replaced and the base station expanded.
The problem is the lack of integrity protection: data packets are transmitted encrypted between the mobile phone and the base station, which protects the data against eavesdropping but not against modification in transit.
By provoking errors, such as changing bits from 0 to 1 or from 1 to 0 in the encrypted data packets, the researchers can make a mobile phone and the base station decrypt or encrypt messages.
They can not only convert the encrypted data traffic between the mobile phone and the base station into plain text, but also send commands to the mobile phone, which are then encrypted and forwarded to the provider, such as a purchase command for a subscription.
The hackers trick the mobile phone into assuming that the software-defined radio is the benign base station; to the real network, in turn, it looks as if the software-defined radio were the mobile phone.
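The missing integrity protection described above can be shown with a short added example, which is not code from the article or the researchers: a packet encrypted with a keystream survives a bit flip undetected, while the same packet with an integrity tag is rejected, at the cost of extra bytes per packet. The SHA-256 keystream and HMAC tag are stand-ins chosen for illustration, not LTE's own algorithms, and the keys, nonce and packet are constructed values.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 tag size: the "more data" that integrity protection adds

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from SHA-256 (stand-in, not an LTE cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return xor(data, keystream(key, nonce, len(data)))

def flip(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Change bits in transit: works on ciphertext alone, no key involved."""
    delta = bytes(offset) + xor(old, new)
    delta += bytes(len(ciphertext) - len(delta))
    return xor(ciphertext, delta)

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt, then append a tag computed over nonce and ciphertext."""
    ct = encrypt(enc_key, nonce, data)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, packet: bytes):
    """Return the plaintext, or None when the tag does not verify."""
    ct, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return encrypt(enc_key, nonce, ct)

# Constructed sample values, not real traffic or real keys.
ENC_KEY, MAC_KEY, NONCE = b"k" * 16, b"m" * 16, bytes(8)
PACKET = b"id=0042;flag=0"

def demo():
    ct = encrypt(ENC_KEY, NONCE, PACKET)
    # Encryption only: the receiver decrypts the altered packet without noticing.
    unprotected = encrypt(ENC_KEY, NONCE, flip(ct, 13, b"0", b"1"))
    # With a tag: the same alteration of the ciphertext fails verification.
    sealed = seal(ENC_KEY, MAC_KEY, NONCE, PACKET)
    altered = flip(sealed[:-TAG_LEN], 13, b"0", b"1") + sealed[-TAG_LEN:]
    protected = open_sealed(ENC_KEY, MAC_KEY, NONCE, altered)
    return unprotected, protected, len(sealed) - len(ct)
```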