Hackers can monitor what sites you're visiting on your 4G network

Attackers can compromise the encrypted second layer taking advantage of a specification flaw in the LTE standard.

Published Date
03 - Jul - 2018
| Last Updated
04 - Jul - 2018
Hackers can monitor what sites you’re visiting on your 4G network

Last year’s WannaCrypt attack was an eye-opener for companies, governments as well as the public forcing them to take cybersecurity seriously. Since then, several researchers have found vulnerabilities and, at the same time, come up with solutions to mitigate different types of cyber attacks. In another such research, a team has found that with a little engineering in the current setup of LTE networks, hackers can compromise your network settings and can track what websites you are surfing through.

According to the team, there are three novel attack vectors that can expose LTE users on the data link layer, or the second layer, which organises how multiple users can access the resources of the network, helps to correct transmission errors and protects data through encryption.

To show that LTE networks can be compromised, the researchers introduced passive attacks that demonstrate an identity mapping attack and an active cryptographic attack called ‘aLTEr’ attack that allows an attacker to redirect network connections by performing DNS spoofing due to a specification flaw in the LTE standard. The team conducted the attacks in an experimental setup in a controlled environment, which are hard to meet in real LTE networks but they cautioned that a little engineering in updating the setup could easily enable the hackers to carry out three individual attacks: One for mapping user identities in the radio cell, second for learning which websites a user has accessed, and a third for performing an alteration attack that can be used to redirect and hijack network connections.

When it comes to a passive attack, the hacker does not directly interferes with the network, but deploys a sniffing device to get access and monitor to all information that a potential victim sends and receives on the network. In an active attack, the hacker intercepts the information which is being sent and received on a network by using a simulating device. The users, thinking that the adversary is his usual network provider, connects to the simulation device. On the other hand, for the real network, the adversary acts it is the user who is accessing the network, thus completing the exploitation of the encrypted second layer in the LTE network.

The researchers, David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper from Ruhr-Universität Bochum and New York University Abu Dhabi, claimed that achieved an average success rate of about 89% ± 10. In future experiments, they plan to conduct the same experiments within a commercial network, which complicates the attack due to background noise and uncontrolled network dynamics.

The researchers have informed the relevant institutions such as the GSM Association (GSMA), 3rd Generation Partnership Project (3GPP) and telephone companies in a responsible disclosure process before publishing this work, they said. The team’s work will appear 2019 IEEE Symposium on Security & Privacy which will be held from May 20-22 in San Francisco, California but the details are already available in a pre-print version of the paper.