Ruhr-Uni-Bochum
HGI


Security gaps identified in LTE mobile telephony standard

Attackers are able to not only monitor who visits which web pages, but also to reroute users to scam websites. At present, there are no ways to guarantee secure mobile communication...


By abusing security weaknesses in the LTE mobile telephony standard, attackers are able to identify which web pages a user visits and to reroute him to a scam website. This is the result of a study carried out by security experts from Horst Görtz Institute at Ruhr-Universität Bochum. All devices using LTE, also referred to as 4G, are affected – i.e. almost all mobile phones and tablets, as well as certain household devices connected to the network. The weaknesses are impossible to close, and they are also still present in the upcoming mobile telephony standard 5G, the standardization of which is currently pending. Still, the problem may be stemmed with the aid of other security mechanisms in browsers or apps.

The findings have been published on the Internet by David Rupprecht, Katharina Kohls, Prof Dr Thorsten Holz and Prof Dr Christina Pöpper.

Rerouting users to wrong websites

The payload transmitted via LTE is encrypted, but its integrity is not verified. “An attacker can alter the encrypted data stream and reroute the messages to his own server without alerting the user,” explains David Rupprecht. In order to do so, the attacker has to be in the vicinity of the mobile phone he targets. Using special equipment, he intercepts the communication between the phone and the base station and reroutes the user to a fake website by altering the messages. On that website, the attacker can then perform any actions he chooses, including monitoring the passwords as they are entered.

“Websites and apps that deploy the HTTPS security protocol in the correct configuration provide adequate protection against rerouting,” points out Rupprecht. They alert the user whenever he is about to be rerouted to a fake page. However, it is not possible to prevent an attacker from monitoring certain information and activities performed on the mobile phone, for example the identity of the user and the websites he views.

The researchers from Bochum have demonstrated that the traffic pattern alone – i.e. the payload volume sent by a phone within a specific period of time – gives an indication of the websites viewed by the user. In order to access this information, the attacker does not have to actively intercept the communication between mobile phone and base station; rather, simple passive recording of the transmitted metadata does the trick.

The whole press release is available here.
