36 vulnerabilities in LTE 4G standard could enable data interception
'Fuzzing' tool used by researchers to find exploits ranging from spoof SMS messages to disconnecting victims from networks


Researchers have discovered a collection of flaws in the Long-Term Evolution (LTE) standard, which could allow an attacker to send spoof messages and intercept data traffic.
A team with the Korea Advanced Institute of Science and Technology Constitution (KAIST) has discovered 51 vulnerabilities in the 4G standard, including 15 known issues and 36 previously undiscovered flaws.
They discovered this set of flaws using a code-testing technique known as 'fuzzing'. The KAIST researchers used a tool dubbed 'LTEFuzz' to feed large amounts of random data into identified processes to test them for potential anomalies.
The vulnerabilities unearthed span a broad spectrum, varying in nature and severity. They range from a flaw that could allow an attacker to disconnect a victim from their mobile network, to one that permits the eavesdropping and manipulation of data communications.
Tests were conducted across several devices on two high-profile mobile network operators. The KAIST team was intrigued by the fact that on the same operator, two core networking components from different vendors could present different vulnerabilities. The same was also true for two components from a single vendor, but deployed across different operators.
The full list of vulnerabilities discovered can be found at the foot of the team's 16-page report, which they are planning to present publicly at the IEEE Symposium on Security and Privacy in May.
"LTEFuzz successfully identified 15 previously disclosed vulnerabilities and 36 new vulnerabilities in design and implementation among the different carriers and device vendors," the researchers noted.
"The findings were categorized into five vulnerability types. We also demonstrated several attacks that can be used for denying various LTE services, sending phishing messages, and eavesdropping/manipulating data traffic."
LTE is a networking standard that offers slightly slower speeds than 'true 4G', but is widely used by network operators and marketed as 4G. However, as the hype behind 5G continues to gain momentum in 2019, researchers have been discovering a series of flaws in the protocols that underpin the next-gen technology.
Academics in February, for example, discovered three flaws in 5G that exploit a handset's paging protocol, allowing an attacker to track somebody's location, spoof text messages and block messages altogether.
But as manufacturers gear up to launch a wave of 5G-ready handsets, 4G will continue to be used by a vast cross-section of the public and businesses in the UK.
The KAIST researchers said they have no plans to release their LTEFuzz tool in any public capacity because it can be used for malicious purposes. The team does, however, plan to share LTEFuzz with mobile network operators and device vendors.

Keumars Afifi-Sabet is a writer and editor who specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.