4G LTE network risks easily receiving DoS attack

ByMichael Coghlan

A security event held in London on November 1 - 4, 2016 "Black Hat Europe 2016"It was pointed out that there is a danger of being subject to DoS attacks more easily than the 4 G LTE network used for mobile phone communication was considered.

Black hat EUROPE 2016 - Detach me not - DoS attacks against 4G cellular users worldwide from your desk
(PDF file)https://www.blackhat.com/docs/eu-16/materials/eu-16-Holtmanns-Detach-Me-Not.pdf


4G LTE protocols used by smartphones can be hacked, researchers found
https://www.cyberscoop.com/4g-lte-protocols-used-smarthphones-can-hacked-researchers-found/

Danger was pointed out by Mr. Silke Holtmanns and Mr. Bhanu Kotte of Nokia Bell Laboratories and Mr. Siddharth Rao of Aalto University.

Currently, there are multiple systems for communication of mobile terminals such as smart phones, tablets, car terminals, etc. around the world. However4GCompatible terminals2GEven between compatible terminals, you can send messages and talk to each other as if they were all connected to the same network. This is because there is a protocol for realizing mutual communication on the back side.


What used to be mainly usedSS7 (No. 7 common line signal)Although it was a signaling protocol called a "signaling protocol", replacement with a new protocol is now under way,IPSecBecause there is a protocol for performing cryptographic communication called so, migration to Diameter, which is thought to be highly secure, is proceeding.

However, there was a problem in the use of this IPSec where it is arbitrary by the operator. If IPSec is used, the communication is encrypted, but if the operator invalidates it, the communication will be unprotected without being encrypted. Furthermore, there is no way to confirm this.

In Black Hat Europe 2016, Holtmanns and his colleagues from Finland connected to a certain UK telecommunications operator, conducted an attack simulation and demonstrated that it can do a DoS attack against a 4 G LTE network.

Bell Laboratories thought about the possibility that the 4G network is not secure, but the degree is about the same level that each cell phone operator expects, and it is easy to make DoS attack easily so far He did not think he could do it.

Mr. Rao to Cyberscoop "Telecommunications protocols are not widely open compared to the easily available Internet protocols, and attacks like this require detailed knowledge of protocols "In order to prevent these attacks, business operators firmly audited the system and said that attention and efforts should be made, such as setting up a valid firewall.