German researchers have located a new vulnerability on 4G/LTE mobile devices that could permit hackers to impersonate the phone's owner.
Hackers can run up customers' bills, upload illegal files under customers' identities, and even intercept unencrypted internet traffic. It's all due to a probability that's built into all devices that use LTE service. The excellent information is that it's extraordinarily unlikely for an average user to suffer to this form of crime, given the complexity of the hack.
A complicated hack but...
"The attacker needs to be highly-skilled and near the victim," says Maya Levine, protection engineer at safety software provider Check Point. The average person is not going to be affected by this, according to Levine. Still, a single target of extreme interest can be targeted.
Researchers at Ruhr-Universität Bochum in Germany located the crack in the system. The team, comprising Thorsten Holz from Horst Görtz Institute for IT Security, David Rupprecht, Katharina Kohls, and Christina Pöpper, are expected to provide their findings next week on the Network Distributed System Security Symposium in San Diego.
Here's how hackers take advantage of the vulnerability: When an LTE mobile smartphone person moves around, the nearest mobile tower sends a signal to his or her tool. An attacker must be in the same region as the supposed sufferer to fool the mobile tower and have the technical information to pose as the unique person to send and acquire the LTE signals.
ALSO READ: PHP7 Security Risk Exposes Websites to Hackers
The attacker may want to then run up a person's invoice by making global calls or use premium subscriptions by the victim's provider, according to Mark Nunnikhoven, VP of cloud research for cybersecurity company Trend Micro. Nunnikhoven added that hackers can also accumulate unencrypted statistics sent to the sufferer.
"This attack occurs at any such low level that each one the sports we're used to doing-Facebook, email, messages are encrypted," Nunnikhoven says. The usual activities, according to Nunnikhoven, are not possible to be impacted by this.
The most likely goal of this form of hack might be for wealthy people or specific objectives who may additionally have large quantities of sensitive information, the researchers say. Even then, the probabilities that a hacker could get more useful statistics remains to be slim, given that most online activities are encrypted.
ALSO READ: Apple emphasizes user data security features of iOS 8
Hack could pose trouble for law enforcement agencies, network providers
The vulnerability should pose trouble for network providers and law enforcement agencies. Each of them would have a hard time verifying whether a hacker did the activities the tool subscriber did.
"The service should say I acquired a request for this service, and I billed you," says Darren Shou, head of technology at NortonLifeLock. "And the user might claim, 'It became an evil twin.' What repudiation might exist?"
ALSO READ: Now You Can Make Your Carrier Unlock Your Smartphone...But There's A Catch
Nothing to worry about--experts say
The new discovery, however, doesn't provide any reason for the typical LTE user to panic. It does remind consumers, vendors, and technologists of the need to continually improve their security practices.
The LTE vulnerability isn't something a consumer has any control over, but there are things customers can control. "A healthful dose of paranoia in terms of what you're receiving is essential," Levine says.
For technologists, news of the LTE hack reinforces how crucial encryption is, as hackers keep to find new methods to steal treasured data.
While the LTE hack isn't an immediate, significant risk today, the brand new findings might be extra troublesome inside the near future. Nunnikhoven said there could be challenges down the road if another one enhances this issue.
ALSO READ: Slow Internet connection? The Web might have a bigger problem