Intelligence agencies and skilled hackers can now spy on people and companies by hacking the mobile data airwaves.
Cybersecurity researchers have shown in detail how these surveillance techniques can be used to identify people within a tower’s radio cell, see which websites they visited, and redirect them to malicious web pages by hijacking their DNS.
This type of hack is experimental and difficult to perform in real-world scenarios, but it is possible.
Two types of techniques are used here: passive and active.
The identification and website snooping techniques are passive, meaning that an agent can only listen to what’s going on over the 4G network airwaves.
An active operation, on the other hand, such as the webpage redirection attack, is carried out by a hacker who uses a malicious cell tower to tamper with transmissions. This type of DNS spoofing is also known as “aLTEr”. In an aLTEr cyberattack, the website spying works by identifying sites by their patterns of traffic over the air.
This clear and present danger affects not only 4G networks but also the forthcoming 5G networks, because they are built on the same underlying, hackable technologies.
Countermeasures need to be applied immediately! Authenticated encryption must be used in order to make an aLTEr cyberattack irrelevant; this can be done by adding message authentication codes to user plane packets.
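To show what that countermeasure changes for the receiver, here is an added example (not from the researchers' paper or any LTE stack): a packet protected by encryption alone is accepted after being modified in transit, while the same packet with a message authentication code is rejected. The SHA-256 keystream is a stand-in for the real cipher, and the keys, counter, tag length and sample packet are constructed assumptions.

```python
import hashlib
import hmac

TAG_LEN = 8  # truncated tag length in bytes (assumption for this sketch)

def keystream(key: bytes, count: int, length: int) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), not the LTE algorithm."""
    out, block = b"", 0
    while len(out) < length:
        seed = key + count.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]

def encrypt_only(enc_key: bytes, count: int, payload: bytes) -> bytes:
    """Confidentiality only: XOR with keystream. Decryption is the same call."""
    ks = keystream(enc_key, count, len(payload))
    return bytes(p ^ k for p, k in zip(payload, ks))

def tag_for(mac_key: bytes, count: int, ciphertext: bytes) -> bytes:
    """HMAC-SHA256 over the packet counter and ciphertext, truncated."""
    msg = count.to_bytes(4, "big") + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:TAG_LEN]

def protect(enc_key: bytes, mac_key: bytes, count: int, payload: bytes) -> bytes:
    """Encrypt-then-MAC: append the tag to the ciphertext."""
    ct = encrypt_only(enc_key, count, payload)
    return ct + tag_for(mac_key, count, ct)

def unprotect(enc_key: bytes, mac_key: bytes, count: int, packet: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything modified in transit."""
    ct, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, tag_for(mac_key, count, ct)):
        raise ValueError("integrity check failed, packet dropped")
    return encrypt_only(enc_key, count, ct)

def corrupt(packet: bytes, index: int) -> bytes:
    """Simulate in-transit modification by inverting one byte."""
    return packet[:index] + bytes([packet[index] ^ 0xFF]) + packet[index + 1:]

# Constructed sample data, not a real capture.
ENC_KEY, MAC_KEY = b"E" * 16, b"M" * 16
SAMPLE = b"dst=192.0.2.53 query=example.org"

if __name__ == "__main__":
    plain = encrypt_only(ENC_KEY, 7, corrupt(encrypt_only(ENC_KEY, 7, SAMPLE), 4))
    print("encryption only, receiver accepts:", plain)
    try:
        unprotect(ENC_KEY, MAC_KEY, 7, corrupt(protect(ENC_KEY, MAC_KEY, 7, SAMPLE), 4))
    except ValueError as err:
        print("with MAC:", err)
```

Because the tag also covers the packet counter, a packet replayed under a different counter fails the same check.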
Nowadays your phone has all the information a hacker needs to launch further attacks on other personal devices. To stay away from threats like this, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running.
If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
If mobile networks are left unprotected, this type of attack can be exploited by hackers or various intelligence agencies to spy on persons of special interest, like politicians, journalists, and human rights activists.
However, until now, this cyber attack has been demonstrated only in a lab environment and is purely theoretical, but with some engineering effort, it can also be performed in the real world.
A paper with all the technical details about the aLTEr attack will be presented during the 2019 IEEE Symposium on Security and Privacy next May.
Before going public with all the threat details, major institutions like the GSM Association (GSMA), the 3rd Generation Partnership Project (3GPP), and telephone companies have already been informed.
For now, all we can say is that LTE security flaws have been identified in both the physical (layer one) and network (layer three) layers.
This bad news comes just days after another team of researchers unveiled further security concerns about Diameter, an authentication, authorization, and accounting protocol in 4G and 5G networks.
Conclusion: 4G now has a serious cybersecurity problem that needs to be fixed before the 5G standard becomes mainstream.
We will continue to monitor this big cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; these tests include penetration testing and ethical hacking.