tech2 News StaffJul 03, 2018 18:41:24 IST
Recent vulnerabilities in LTE and 5G networks found by researchers might lead to data security issues for users. Side effects of this new threat include potential attacks that are capable of identifying user information, which websites they visited and even altering their DNS traffic.
The threats were discovered by researchers David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper of Ruhr-Universität Bochum and New York University Abu Dhabi, who collectively published their findings on alter-attack.net.
As per the research,there are three types of attacks which were found on the data link layer of 4G LTE.
The first two are passive attacks that execute identity mapping and a method to perform website fingerprinting. The third one, however, is an active attack, which the researchers have chosen to call "aLTEr."
While in a Passive attack the perpetrator can not interfere with the network he is attacking, an aLTEr attack uses a separate device via which the attacker can simulate the original network and trick the victim into revealing confidential information. However, this method happens to be rather complex as the attacker redirects network connections by performing DNS spoofing which exploits a specification flaw in LTE.
What do you mean by DNS Spoofing? It is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones.
However, who can these attacks happen to, is the bigger question. According to the paper, the attack can happen to anyone but it is most likely to happen to a "persons of special interest (e.g., politicians, journalists, etc.)"
Researchers conducted the attacks in an experimental setup in a controlled environment and concluded that the executing the 'aLTEr' attack is a herculean task. However, with some engineering effort in the real world scenario, the attack can also be performed outside on LTE.
Coming to 5G, it may also be vulnerable to these kinds of attacks, even though the network supports authenticated encryption. This is because the feature is optional, and carriers might not choose to implement it.
Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.