4G LTE Vulnerabilities Allow Traffic Tracking and Data Tampering
Researchers have discovered vulnerabilities in the 4G LTE standard that make it possible to track subscriber traffic and tamper with transmitted data. These issues stem from the use of weak cryptographic algorithms and insufficient integrity checks during packet transmission.
Details of the Vulnerabilities
A joint team from Ruhr University and New York University published a report describing three types of attacks that exploit weaknesses in the 4G LTE standard. Two of these are passive attacks, enabling attackers to monitor LTE traffic and gather various details about the target. The third attack, named aLTEr, allows attackers to modify data sent to a device and determine which websites the victim visits on that device.
The researchers tested the aLTEr attack in a series of experiments, successfully redirecting users to malicious websites by altering DNS packets. A demonstration video of the process was also provided.
Technical Aspects
All three vulnerabilities affect the Data Link layer (Layer 2) of 4G LTE. The main problem is the lack of proper integrity verification during packet transmission, which gives attackers the opportunity to intercept and modify encrypted 4G data packets before retransmitting them to cell towers. These attacks cannot be performed remotely; the attacker must be nearby and trick the user into connecting to their device.
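Why encryption without an integrity check leaves a packet modifiable, and how a keyed integrity tag detects the change, shown as an added example that is not code from the article or the researchers. It generalizes to any XOR-based stream cipher; the SHA-256 keystream, the keys, the packet layout and the documentation-range addresses are all constructed assumptions, not LTE's actual algorithms or formats.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy counter-mode keystream (assumption: a stand-in, not the cipher LTE uses).
    blocks = (n + 31) // 32
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stream cipher: encryption and decryption are the same XOR operation.
    return xor(data, keystream(key, nonce, len(data)))

def seal(enc_key, mac_key, nonce, plaintext):
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext.
    ct = encrypt(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: packet modified in transit")
    return encrypt(enc_key, nonce, ct)

def modify_in_transit(ct, offset, known, replacement):
    # Models the in-path change: XOR (known ^ replacement) into the ciphertext.
    # No key is involved, which is exactly what an integrity tag must catch.
    delta = xor(known, replacement)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]

# Constructed sample values (hypothetical layout: 4-byte label, 4-byte address, query).
ENC_KEY, MAC_KEY, NONCE = b"e" * 16, b"m" * 16, b"\x00" * 8
PACKET = b"DST=" + bytes([192, 0, 2, 53]) + b";query=example.org"
ALTERED = bytes([198, 51, 100, 7])

def demo():
    ct, tag = seal(ENC_KEY, MAC_KEY, NONCE, PACKET)
    changed = modify_in_transit(ct, 4, PACKET[4:8], ALTERED)
    unchecked = encrypt(ENC_KEY, NONCE, changed)   # receiver with encryption only
    try:
        open_sealed(ENC_KEY, MAC_KEY, NONCE, changed, tag)
        detected = False
    except ValueError:
        detected = True                            # receiver that verifies the tag
    return unchecked, detected
```

A receiver that only decrypts accepts the altered address as valid plaintext, while the receiver that verifies the tag first rejects the packet.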
Impact on 5G Networks
According to experts, these vulnerabilities also affect the current version of the 5G standard. While 5G includes additional security features to protect against the aLTEr attack, these features are currently optional and not always implemented.
Industry Response
The research team has already reported the vulnerabilities to the GSM Association (the international mobile operators association), the 3GPP consortium (which develops mobile telephony specifications), and several telecom companies.