Black Hat Europe: Researchers demonstrate how to bypass LTE/4G security
How safe is your 4G phone?
LTE (4G) is more secure than GSM (2G) and UMTS (3G) but that doesn't make it impervious to International Mobile Subscriber Identity (IMSI) catchers.
That's the conclusion of a presentation due to be given at Black Hat Europe this week, by Ravishankar Borgaonkar, Altaf Shaik, N. Asokan, Valtteri Niemi and Jean-Pierre Seifert.
To prove the point, the researchers will build an LTE IMSI catcher and demonstrate how "most popular phones" fail the test courtesy of vulnerabilities in baseband software and deployed networks that bypass enhanced LTE security measures. If that weren't enough, the same team reckons it has also managed to perform what it describes as rudimentary Denial of Service (DoS) attacks that effectively block the LTE signal and force the handset to drop down to a 3G or 2G connection on demand.
The researchers, from Aalto University, the Technische Universität Berlin, University of Helsinki, University of Turku and Telekom Innovation Laboratories, claim that these represent the first wave of practical attacks aimed at 4G networks. Pinpointing a location invades privacy, and service disruption could prevent calls from being made. However, none put any data stored on the target devices at risk.
All of which is hugely interesting from a mobile network nerd's perspective, pretty interesting from a security nerd's perspective, but should end users actually be worried by all of this or would they be better aiming their anxiety at existing credential-logging, data-stealing, money-spending malware instead?
SCMagazineUK.com got in touch with Jonathan Parker-Bray, CEO of Criptyque and a former telecoms executive with 25 years of network-building experience who has now moved into end-to-end encryption with a secure mobile platform called Pryvate.
We asked him just how problematical, in the real world and for most users, is the notion that someone could triangulate the precise location of their smartphone or other mobile device?
"The thought of a hacker triangulating someone's mobile device is not only a worrying notion but a very real threat that could be used for many purposes such as criminals targeting high-profile individuals and professionals," Parker-Bray told us.
He said hackers "have access to tools which enable them to intercept and record calls and text messages from up to 30 kilometres away" which, when coupled with location knowledge, "could lead to critical communications being overheard."
Parker-Bray also pointed out that triangulation isn't actually even necessary to determine location as it's quite possible to obtain a user's unique MAC address from a cellular intercept, and that can then be monitored for approximate positioning of the device.
Wim Remes, strategic services manager EMEA at Rapid7, isn't so convinced it will concern most folk. "Most users already use a large amount of location apps. Find your friends, Swarm, Facebook, Twitter, Uber, Tinder and their peers hold and share information about where you are exactly at what moment. Not to mention a history of where you were," he said.