4G LTE is the fastest mobile internet band on the market until 5G becomes commercially available. The benefits of high-speed 4G LTE have been valued dearly by smartphone users around the world. But there's a dark side to this luxury that can put users in grave danger.
Demonstrating the potential risk of a vulnerability in CSFB (Circuit Switched Fallback) in 4G LTE networks, Unicorn Team researchers from China's leading security company, 360 Technology, showed how hackers can access a user's call and SMS records without the victim's knowledge. The attack, known as the "Ghost Telephonist", was presented at the ongoing hacker summits Black Hat USA 2017 and DEF CON in Las Vegas, Nevada.
What is CSFB (Circuit Switched Fallback)?
Consumers are usually not familiar with the process involved in delivering internet and telecommunication services to users. CSFB is an interim solution for LTE providers, who rely on a 3G or 2G network to complete a call or to deliver a text message. This is not the case with 4G VoLTE, which carries out voice calls without falling back to the ageing 3G/2G network.
Smartphone users don't realize this, but their 4G connection falls back to 2G several times a day to complete calls and deliver SMS. The standard procedure when connecting to any network is to send authentication codes to prove the phone's identity, but no authentication is done when a device switches from a 4G LTE network to a lower network.
This lack of authentication gives hackers a tiny window to intercept and gain access to a victim's calls and SMS. This process takes place in a matter of just 60 seconds.
How does it affect users?
Thanks to enhanced security measures taken by most online services, be it banking or accessing your social media accounts, an authentication code is sent to the owner's phone before signing in. This process is called two-factor verification.
When hackers gain access to your calls and SMS, it is as simple as resetting an online account password and using the interception to obtain the OTP needed to reset the password and sign in.
At the presentation, the Unicorn Team showed how one could reset a Google account and Facebook account password with a stolen phone number. This will lead to the compromise of your personal accounts.
Adding to that, the researchers also warned that "Ghost Telephonist" can be used to initiate a call or an SMS impersonating the victim. The phone number can be used to make an advanced attack, making this a serious threat to those on a 4G LTE network. Hackers can target a particular victim or randomly attack any given person using the Telephonist flaw.
Are there any precautions?
"Several exploitations can be made based on this vulnerability," Unicorn Team wireless security researcher Huang Lin told Xinhua. "We have reported this vulnerability to the Global System for Mobile Communications Alliance (GSMA)."
Hoping the right measures will be taken to add a security layer when a phone switches from 4G to lower bands, the researchers have noted that placing your phone in Airplane mode can block Ghost Telephonist. While that seems impractical, using a 4G VoLTE network can avert the threat.