date 2018-03-12

Unpatched security vulnerabilities in the 4G LTE protocol allow anyone to connect to a network by impersonating a victim's phone without possessing legitimate credentials, launch DDoS attacks, and hijack a phone's paging channel to inject fabricated messages, researchers have revealed.

In the US, a team of security researchers from Purdue University and the University of Iowa recently conducted a series of tests to analyse the security of some processes that are considered critical for the reliable functioning of the 4G LTE protocol.

The researchers said they aimed to uncover potential design flaws in the LTE protocol, and vulnerabilities in its attach, paging, and detach procedures, that cyber-criminals could exploit in various ways. These included mounting DDoS attacks, planting fake messages in a victim's device, blocking notifications, and remotely changing the location of a victim's device.

"Notable among our findings is the authentication relay attack which enables an adversary to connect to the core networks—without possessing any legitimate credentials— while impersonating a victim cellular device.

"Through this attack the adversary can poison the location of the victim device in the core networks, thus allowing setting up a false alibi or planting fake evidence during a criminal investigation," the researchers said.

They added that hackers could also exploit flaws in the 4G LTE protocol to possibly hijack a cellular device's paging channel, not only to stop notifications from reaching the device but also to inject fabricated messages, with implications including energy depletion and activity profiling.

In all, the researchers uncovered ten new vulnerabilities and were able to demonstrate eight exploits in real time using a model-based testing approach named LTEInspector. To build this testbed, they used low-cost software-defined radios and an open-source LTE software stack.

This article originally appeared at scmagazineuk.com