aLTEr LTE Exploit Can't Be Patched And Can Steer Your Phone To Nefarious Websites
A new attack that takes advantage of flaws that are inherent to LTE technology has surfaced called aLTEr. The exploit was discovered by an international team of security researchers and is able to redirect users to hostile websites. The exploit works in part by taking advantage of the fact that there is no integrity checking built into the lower layers of LTE.
That lack of integrity checking allows nefarious hackers to use DNS packets directing traffic to website addresses to steer user requests to malicious DNS servers. Attackers could then take the user to whatever website the attacker wants. These websites could be used to launch attacks of other types on unsuspecting LTE users.
A passive attack is outlined where a nefarious user could use a sniffing device near the target user to intercept leaked information about the LTE data transmissions. That intercepted information could then be compared to so-called data fingerprints for popular websites. If the intercepted data fingerprint matches a popular site, the nefarious user then knows where the user is going despite encryption being used to keep the destination a secret.
Before you get worried it's worth noting that the attack is rather difficult to perpetrate and costly. Reports indicate that the gear the attacker would need to take advantage of this exploit costs about $4,000. The only way to protect yourself from this exploit is to only visit sites that use HTTP Strict Transport Security or DNS Security Extensions.