Security researchers have uncovered potential design flaws in the 4G LTE protocol.
They investigated the security and privacy of the three critical procedures of the protocol – attach, detach, and paging.
To expose vulnerabilities, they proposed a model-based testing approach called “LTEInspector”, which combines a symbolic model checker and a cryptographic protocol verifier in the symbolic attacker model.
Using LTEInspector, the researchers uncovered 10 new attacks along with 9 prior attacks, categorised into three classes: security, user privacy, and disruption of service.
“Notable among our findings is the authentication relay attack that enables an adversary to spoof the location of a legitimate user to the core network without possessing appropriate credentials,” they said.
To ensure the exposed attacks pose real threats, they validated eight of the 10 attacks and their accompanying adversarial assumptions through experimentation in a testbed.
In layman’s terms, the design flaws of the 4G LTE protocol allow attackers to:
- Eavesdrop on text messages and phone calls.
- Knock connected 4G LTE devices offline.
- Spoof emergency alerts.