comscore Permanent LTE exploit found directing users to malicious websites | BGR India

Permanent LTE exploit found directing users to malicious websites

Sadly, there is just no solution to this.

  • Published: July 2, 2018 3:30 PM IST

LTE or Long-term Evolution, the GSM standard for high-speed wireless communication for mobile devices and data terminals, was supposed to fix security holes in previous wireless standards. However, it is not completely immune to security threats. The threats that exploit inherent flaws in LTE were discovered by an international team of researchers.

The researchers discovered an attack method described as aLTEr that takes advantage of flaws in LTE standard to direct users to hostile websites. An active exploit is said to use the lack of integrity checks in LTE’s lower layers to modify the text inside a data packet. Since it is easy to determine these DNS packets responsible for directing traffic to website addresses, attackers are successful in directing requests to malicious DNS servers without creating any caution from the user.

ArsTechnica reports there is also a passive attack in progress that uses a sniffing device near the user to intercept leaked info about a user’s LTE data transmissions and compares those to data fingerprints for popular websites. If these attackers find a match then then know where you are going despite encryption algorithm that are supposed to keep your web addresses a secret.

These passive attacks are not easy to execute and the attacker needs to be close to their target and ArsTechnica says the hardware to execute such an attack could cost $4,000. The problem here is that you cannot patch the issue with an over-the-air software update or replacing a hardware. The best way to secure yourself is visiting sites that use HTTP Strict Transport Security or DNS Security extensions.

Watch: Samsung Galaxy S9+ Video Review

Someone taking advantage of this vulnerability and executing an attack is highly unlikely since that would require a committed hacker or a surveillance agency. There might not be a permanent fix to this issue until users switch to 5G, the next-generation of mobile telecommunication standard.

  • Published Date: July 2, 2018 3:30 PM IST