LTE was theoretically supposed to fix the security holes baked into earlier wireless standards, but it isn’t completely immune. An international team of researchers has discovered a attack methods (nicknamed aLTEr) that takes advantage of inherent flaws in LTE to direct users to hostile websites. An active exploit uses the lack of integrity checks in LTE’s lower layers to modify the text inside a data packet. Since that’s easy to determine with DNS packets, which direct traffic to website addresses, you can steer requests to malicious DNS servers and thus take the user to a website of your choice.
A passive attack, meanwhile, uses a sniffing device near the user to intercept leaked info about a user’s LTE data transmissions (when and how much data they use, for instance) and compares those to data ‘fingerprints’ for popular websites. If there’s a match, you know where they’re going despite encryption ostensibly keeping the destination a secret.
These attacks aren’t exactly trivial. You need to be physically close to your target, and sniffing hardware isn’t cheap (Ars Technica places the cost at roughly $ 4,000). Whoever uses the attacks will likely be either a committed thief or a surveillance agency. The problem, as you might have gathered, is that you can’t patch against this. Your best bet is to only visit sites using HTTP Strict Transport Security or DNS Security extensions, and that isn’t always easy. Although the like of facing an attack isn’t that high, there might not be a permanent solution until you’re using 5G.
Via: Ars Technica
Source: aLTEr Attack