A security gap in the LTE mobile communication standard, also known as 4G, has been able to accept the identity of other people and to book paid services on their behalf, which are paid for using the mobile phone bill – such as a subscription to streaming services.
An Attacker Could Use The Booked Services, For Streaming Series
The owner of the victim cell phone would have to pay for it. The vulnerability can also impact law enforcement agencies, the researchers warn. Attackers can not only make purchases on behalf of the victim, but also access websites and act there with the victim’s identity – for example, placing secret company documents online. For network operators or law enforcement agencies, it looks as if the victim is the perpetrator.
Almost All Cell Phones And Tablets Are Affected
The newly discovered vulnerability affects all devices that use LTE, almost all cell phones and tablets, as well as some networked household items. It could only be remedied by changing the hardware design. A cyber team is committed to closing the security gap in the new 5G mobile communications standard, which is currently being rolled out. Technically, that would be possible. However, mobile operators have to accept higher costs because the additional protection creates more data that would have to be transmitted. In addition, all cell phones would have to be replaced and the base stations expanded. That will not happen in the near future.
Attacker Must Be Nearby
The problem lies in the lack of integrity protection at the moment: encrypted data packets are sent between the cell phone and the base station, the contents of which are normally not visible. Nevertheless, it is possible to change the exchanged data packets. We don’t know what is in which position in the data packet, but we can provoke errors in it by changing bits from 0 to 1 or from 1 to 0, experts illustrate. By provoking such errors in the data packets sent, the researchers can make a cell phone and the base station decrypt or encrypt messages.