Friday , 21 September 2018
Home >> S >> Security >> IT beware: University finds new 4G security holes

IT beware: University finds new 4G security holes

IT has enough to worry about with traditional data breach issues, but now researchers from Purdue University and the University of Iowa have found quite a few new security holes in the popular 4G mobile networks.

The potentially worst hole detailed in the study is an authentication synchronization failure attack. The danger? It allows bad guys to read incoming and outgoing messages from an employee, permits “stealthy denial” of selected services and “location of history poisoning,” which simply means it can manipulate location ready to give false information to systems using location for identity authentication.

This attack works, according to the report, by exploiting the phone’s “sequence number sanity check to disrupt its attach procedure. Precisely, the adversary interacts with with the [home subscriber service] through the [mobile management entity] to ensure that the sequence number of the [phone and subscriber service] are out-of-sync. As a result, the authentication challenge received through the legitimate auth request message fails the [phone’s] sanity check and consequently is discarded” by the phone.

 The researchers also found a traceability hole, which leaked out geolocation information — just the kind of details that you want rivals to know about your key employees. Other holes allowed attackers to deny all cellular service (something terrorists could exploit in an attack, to delay an emergency response and allow more time for mass murder), to “read all incoming and outgoing messages,” a way to detach someone “from the network surreptitiously,” completely and quickly drain the battery to a dead state and a different hole to allow denial of service or to just downgrade their service to 3G or even 2G.

close
==[ Click Here 1X ] [ Close ]==