New LTE Vulnerabilities Can Spoof Emergency Alerts, Spy On Calls And Messages
Researchers at Purdue University and the University of Iowa have just exposed a list of LTE vulnerabilities that could create quite a headache for carriers (and consumers) if not fixed soon. Using a framework the researchers call LTEInspector, eight of the ten new vulnerabilities were tested as working on a testbed with SIMs from 4 different carriers.
Vodafone cellular tower in Germany (Flickr: Vodafone Medien)
There are many possibilities of the chaos these vulnerabilities could create, but one brought to the forefront would let an attacker spoof the location of a customer, even without the appropriate credentials.
In the list (which can be seen below, and was grabbed from the research PDF), we can see that all of the vulnerabilities hinge on an LTE protocol function: attach, detach, and paging. In some cases, information could be leaked, while in others, phones could be knocked offline. The softest attack could result in your battery draining quicker, which sounds great in comparison to spoofed emergency alerts being shot out -- Hawaii recently taught us the kind of chaos those emergency messages can create, real or not.
The only attacks of the ten that haven't been verified include the battery-life draining, spoofed emergency alerts (for obvious reasons!), and information leaked information via the ProVerif protocol verifier.
The timing of this reveal is a little coincidental, as Arm just last week talked of embedding LTE modems in our SoCs, with one of the biggest reasons for continuing to go all-SIM on our devices being the enhanced security and also stability. With that said, services with cellular services are pretty rock-solid overall; it's just that when a vulnerability is taken advantage of, it can affect a great number of people. Hopefully we won't see any of these new vulnerabilities exploited before they get patched up.