Advertisements

Wednesday, 4 July 2018

Researchers find LTE Mobile Standard weakness allowing DNS spoofing, website fingerprinting

LTE mobile device standard used by millions of users across the globe is designed to fix many of the security shortcomings in the predecessor standard known as Global System for Mobile communications. Now, researchers have discovered faults in LTE that allow attackers to send nearby users to malicious websites and fingerprint the sites they visit. This attack works because of the weakness built-into the LTE started itself and the most crucial weakness is a form of encryption that doesn’t protect the integrity of the data. Since there is a lack of data authentication, it is possible for an attacker to manipulate the IP addresses within an encrypted packet. The weakness within the LTE is dubbed as aLTEr and researchers claim that attackers can cause the mobile device to use a malicious domain name system server that, in turn, redirects the user to a malicious server duping as Hotmail. Other two weaknesses involve the way LTE maps users across a cellular network and leaks sensitive information about the data passing between base stations and end users. The paper published by researchers says that attackers require about $4,000 worth of equipment and must be within one mile of the targeted user. Since the weakness is the result of a design ...