A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf.
The impersonation attack, named “IMPersonation Attacks in 4G NeTworks” (or IMP4GT), exploits the mutual authentication method that the mobile phone and the network’s base station use to verify each other’s identities, allowing an attacker to manipulate data packets in transit.
“The IMP4GT attacks exploit the missing integrity protection for user data, and a reflection mechanism of the IP stack mobile operating system. We can make use of the reflection mechanism to build an encryption and decryption oracle. Along with the lack of integrity protection, this allows to inject arbitrary packets and to decrypt packets,” the researchers explained.
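As an added illustration (not code from the researchers or from the original article), the sketch below shows why a stream-ciphered payload with no integrity tag can be altered in transit without the receiver noticing, and how a keyed tag makes the receiver drop the altered frame. The SHA-256 keystream, the HMAC tag, the keys and the packet layout are stand-in assumptions, not LTE's actual algorithms or formats.

```python
import hashlib
import hmac

TAG_LEN = 8  # truncated tag length chosen for this example

def keystream(key: bytes, count: int, n: int) -> bytes:
    # Stand-in counter-mode keystream built from SHA-256; not an LTE cipher.
    blocks = (hashlib.sha256(key + count.to_bytes(4, "big") + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def tag_for(int_key: bytes, count: int, ct: bytes) -> bytes:
    return hmac.new(int_key, count.to_bytes(4, "big") + ct, hashlib.sha256).digest()[:TAG_LEN]

def send(enc_key, count, payload, int_key=None):
    ct = xor(payload, keystream(enc_key, count, len(payload)))
    return ct if int_key is None else ct + tag_for(int_key, count, ct)

def receive(enc_key, count, frame, int_key=None):
    ct = frame
    if int_key is not None:
        ct, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, tag_for(int_key, count, ct)):
            return None  # integrity check failed: drop the frame
    return xor(ct, keystream(enc_key, count, len(ct)))

def flip_in_transit(frame, offset, known, wanted):
    # No key needed: XORing (known ^ wanted) into the ciphertext rewrites the plaintext.
    delta = xor(known, wanted)
    end = offset + len(delta)
    return frame[:offset] + xor(frame[offset:end], delta) + frame[end:]

# Constructed sample payload and keys (not real traffic).
ENC_KEY, INT_KEY, COUNT = b"E" * 16, b"I" * 16, 7
PAYLOAD = b"dst=10.0.0.5 data=hello"

def demo():
    plain_frame = flip_in_transit(send(ENC_KEY, COUNT, PAYLOAD), 4, b"10.0.0.5", b"10.9.9.9")
    mac_frame = flip_in_transit(send(ENC_KEY, COUNT, PAYLOAD, INT_KEY), 4, b"10.0.0.5", b"10.9.9.9")
    return (receive(ENC_KEY, COUNT, plain_frame),
            receive(ENC_KEY, COUNT, mac_frame, INT_KEY))

if __name__ == "__main__":
    print(demo())
```

Without the tag the receiver accepts the altered payload as valid; with the tag the same modification causes the frame to be rejected.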
The research was presented at the Network and Distributed System Security Symposium (NDSS) on February 25 in San Diego.
The vulnerability impacts all devices that communicate over LTE, which includes all smartphones, tablets, and IoT devices currently on the market.
“The Bochum-based team is attempting to close the security gap in the latest mobile communication standard 5G, which is currently rolled out,” the researchers said. The flaws were responsibly disclosed to the telecom standards body GSM Association last May.