
The LTE (Long-Term Evolution) mobile communications standard has become the latest weapon for rogue hackers attacking unsuspecting device users.

A group of researchers recently found a flaw in LTE, also known as 4G, that is being used by cybercriminals to meddle in a user's browsing activity. The attack does not end with interfering in browsing sessions; it also redirects the user to malicious websites.

LTE was designed to curb security vulnerabilities that its predecessor, 3G, could not overcome. According to Statista, there are already 257 million LTE/4G mobile phone users around the world.

In a 16-page paper, the researchers outlined three attacks on the data link layer of the LTE network, all of which impair the confidentiality and privacy of the communication. The first two are "passive" attacks that perform identity mapping and website fingerprinting; the third, called "aLTEr," is the more invasive vector.

An active attack targeting the vulnerable data link layer of LTE, "aLTEr" lets attackers capture browsing activity and steer users into accepting network requests through DNS spoofing. The data link layer is not integrity-protected, which makes it an easy target and lets the attacker cover their tracks while operating a false cell tower.

This bogus cell tower can accept requests from the trusting user and submit those requests to a real network. However, before these requests are forwarded, the attackers behind it can modify the bits of the encrypted packet. Finally, the attackers will redirect users to malicious websites by decrypting and re-encrypting the packet with a new DNS server.
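Why the missing integrity protection matters, as an added example that is not code from the researchers' paper: encryption alone hides the bytes but does not stop an altered ciphertext from decrypting into a different address, while an integrity tag over the ciphertext lets the receiver reject it. The SHA-256 keystream, the keys, the packet layout, the 4-byte tag and the addresses are constructed stand-ins, not LTE's actual cipher or frame format.

```python
import hashlib, hmac, ipaddress

def keystream(key, count, n):
    # Stand-in stream cipher (SHA-256 in counter mode), NOT LTE's real cipher.
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + count.to_bytes(4, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key, count, data):
    # Encryption and decryption are the same XOR with the keystream.
    return xor(data, keystream(key, count, len(data)))

def tag(mac_key, count, ciphertext):
    # Integrity tag over counter + ciphertext (4-byte truncation is an assumption).
    return hmac.new(mac_key, count.to_bytes(4, "big") + ciphertext, hashlib.sha256).digest()[:4]

def verify(mac_key, count, ciphertext, received_tag):
    return hmac.compare_digest(tag(mac_key, count, ciphertext), received_tag)

def alter_in_transit(ciphertext, offset, guessed, replacement):
    # A relay without the key XORs (guessed ^ replacement) over a field it can predict.
    mask = xor(guessed, replacement)
    end = offset + len(mask)
    return ciphertext[:offset] + xor(ciphertext[offset:end], mask) + ciphertext[end:]

def demo():
    enc_key, mac_key, count = b"constructed-enc-key", b"constructed-mac-key", 7
    resolver = ipaddress.IPv4Address("192.0.2.53").packed   # documentation range
    other = ipaddress.IPv4Address("203.0.113.53").packed    # documentation range
    packet = b"DST=" + resolver + b";QUERY=example.org"     # constructed layout
    sent = crypt(enc_key, count, packet)
    sent_tag = tag(mac_key, count, sent)
    altered = alter_in_transit(sent, 4, resolver, other)
    received = crypt(enc_key, count, altered)
    return {
        "received": received,                                        # decrypts without error
        "intact_accepted": verify(mac_key, count, sent, sent_tag),     # untouched packet passes
        "altered_accepted": verify(mac_key, count, altered, sent_tag), # altered packet fails
    }

if __name__ == "__main__":
    print(demo())
```

Without the tag check, the receiver has no signal that the address field changed; with it, the altered packet is dropped before it is acted on.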

On the other hand, the attack has practical restrictions. First, a fake cell tower costs around $4,000 to make, and second, the targeted LTE device has to be within a 1-mile radius of the attacker.

For now, to avoid any further breach, users can opt to browse secure websites (HTTPS) and avoid the shady ones.