Cyber security news for all

More

    A vulnerability in LTE allows attackers to access identities

    A security gap in the LTE mobile communication standard, also known as 4G, has been able to accept the identity of other people and to book paid services on their behalf, which are paid for using the mobile phone bill – such as a subscription to streaming services.

    An Attacker Could Use The Booked Services, For Streaming Series

    The owner of the victim cell phone would have to pay for it. The vulnerability can also impact law enforcement agencies, the researchers warn. Attackers can not only make purchases on behalf of the victim, but also access websites and act there with the victim’s identity – for example, placing secret company documents online. For network operators or law enforcement agencies, it looks as if the victim is the perpetrator.

    LTE vulnerability

    Almost All Cell Phones And Tablets Are Affected

    The newly discovered vulnerability affects all devices that use LTE, almost all cell phones and tablets, as well as some networked household items. It could only be remedied by changing the hardware design. A cyber team is committed to closing the security gap in the new 5G mobile communications standard, which is currently being rolled out. Technically, that would be possible. However, mobile operators have to accept higher costs because the additional protection creates more data that would have to be transmitted. In addition, all cell phones would have to be replaced and the base stations expanded. That will not happen in the near future.

    Attacker Must Be Nearby

    The problem lies in the lack of integrity protection at the moment: encrypted data packets are sent between the cell phone and the base station, the contents of which are normally not visible. Nevertheless, it is possible to change the exchanged data packets. We don’t know what is in which position in the data packet, but we can provoke errors in it by changing bits from 0 to 1 or from 1 to 0, experts illustrate. By provoking such errors in the data packets sent, the researchers can make a cell phone and the base station decrypt or encrypt messages.

    Recent Articles

    Hungarian banks were the target of a massive DDoS attack

    Several banks and the Hungarian Telekom have been the target of a cyber attack. The attacks are said to have come in several waves...

    The source code of Windows XP is leaked

    The source code of Windows XP is currently freely accessible. The media says that data first appeared on 4chan and is currently being exchanged...

    Hackers send malicious Azure Cloud apps to Microsoft

    Microsoft has banned some Azure Cloud applications from its cloud that the company identified as part of an attack infrastructure. Microsoft describes the approach...

    Vodafone experiences a vulnerability with fatal effects

    The injected JavaScript can access the session cookies from Vodafone website and send them to a server. An attacker can take over the session...

    Maze leaks data on its own platform

    The Maze ransomware has been up to almost a year and a half. This week, security experts warned about the actions of the cyber...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox