A vulnerability that lets an attacker impersonate a user and intervene in communication is found in the smartphone communication standards '4G / LTE' and '5G'



New vulnerabilities were discovered in the 4th generation mobile communication system (4G / LTE) and in 5G, the next generation mobile communication system. With them, attackers could impersonate users on the network to look up confidential information or make purchases on their own. A research team from Ruhr University Bochum and New York University Abu Dhabi announced that they had succeeded in carrying out 'IMP4GT (Impact)', which performs a man-in-the-middle attack. The research team says that any vulnerabilities found should be fixed immediately.

PAPER: IMP4GT: IMPersonation Attacks in 4G NeTworks
(PDF file) https://imp4gt-attacks.net/media/imp4gt_camera_ready.pdf


IMP4GT: IMPersonation Attacks in 4G NeTworks
https://imp4gt-attacks.net/

The IMP4GT attack discovered by the research team is formally called 'IMPersonation Attacks in 4G NeTworks' (4G network spoofing attack). It uses the mutual authentication method with which mobile phones and network base stations each verify the other's identity, and manipulates the data packets being transmitted. By spoofing the victim's Internet traffic, the attacker could make a fraudulent purchase, visit an illegal website, or access a confidential document using the victim's ID. Redirecting the victim to a malicious site is also possible.

'In IMP4GT, an attacker exploits the specifications of the IP stack included in the mobile phone's OS to build a database for communication encryption and decryption, and no protection is provided by checking the integrity of user data. That's why an attacker can insert arbitrary packets.'



As an experiment, the research team built a device that performs IMP4GT over software radio. This device, which intervenes between an Android-equipped smartphone and a base station, can perform 'uplink spoofing', which makes it appear as a mobile phone to the base station, and 'downlink spoofing', which makes it appear as a base station to the mobile phone. The research team reports that they used the device in a laboratory environment and successfully performed IMP4GT on a commercial smartphone connected to a commercial 4G / LTE network.

However, according to the research team, the attacker needs to be within 2 km of the victim's mobile phone and requires very advanced skills and special hardware, and carrying out the attack in an environment without a shield box requires even more advanced technology. The research team said, 'There is almost no probability that IMP4GT will actually be performed,' but it also states, 'If you are dealing with one target of high interest, IMP4GT is worth the technical constraints for an attacker.'



The research team also reported that 5G, which will go into full operation in 2020, has the same vulnerability. In order to fix this vulnerability, it is necessary to perform a complete integrity check of user data in 4G / LTE and 5G, and apply stronger security.

The research team believes that while 5G, which has yet to be implemented, can be modified quickly, modifying 4G / LTE, which is already widely used, can be quite expensive. 'Adding user data integrity checks increases traffic, so mobile phone network operators must accept high costs,' said David Rupprecht, a security researcher at Ruhr University Bochum and author of the paper. 'You also need to replace all your smartphones and expand your base station, but you can't do it right away.'
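The following is an added illustration, not code from the paper or the research team, of why encryption without an integrity check lets a changed packet be accepted, and why adding the check costs extra bytes per packet. The SHA-256 keystream and truncated HMAC are stand-ins for the real LTE algorithms; the keys, payload, counter and tag length are constructed for the example.

```python
import hashlib
import hmac

TAG_LEN = 4  # tag bytes appended per packet (constructed choice)
ENC_KEY, INT_KEY = b"constructed-enc-key", b"constructed-int-key"
PACKET = b"id=1000 data=hello"  # constructed sample user-data payload

def keystream(key, count, length):
    """Counter-mode keystream; SHA-256 is a stand-in for the real cipher."""
    out, block = b"", 0
    while len(out) < length:
        seed = key + count.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]

def xor_cipher(key, count, data):
    """Encrypt or decrypt: XOR with the keystream (no integrity at all)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, count, len(data))))

def tag(count, ciphertext):
    """Truncated HMAC over the packet counter and the ciphertext."""
    msg = count.to_bytes(4, "big") + ciphertext
    return hmac.new(INT_KEY, msg, hashlib.sha256).digest()[:TAG_LEN]

def send(count, payload, integrity):
    ct = xor_cipher(ENC_KEY, count, payload)
    return ct + tag(count, ct) if integrity else ct

def receive(count, pdu, integrity):
    """Return the plaintext, or None when the integrity check fails."""
    if integrity:
        pdu, mac = pdu[:-TAG_LEN], pdu[-TAG_LEN:]
        if not hmac.compare_digest(mac, tag(count, pdu)):
            return None  # changed in transit: drop the packet
    return xor_cipher(ENC_KEY, count, pdu)

def changed_in_transit(pdu, offset, mask):
    """Model an on-path change to one ciphertext byte; no key is involved."""
    return pdu[:offset] + bytes([pdu[offset] ^ mask]) + pdu[offset + 1:]

def demo(integrity):
    """Return (overhead in bytes, what the receiver accepts) for one packet."""
    pdu = send(7, PACKET, integrity)
    altered = changed_in_transit(pdu, 3, ord("1") ^ ord("9"))
    return len(pdu) - len(PACKET), receive(7, altered, integrity)
```

Calling `demo(False)` shows the receiver accepting a payload that differs from what was sent, while `demo(True)` shows the same change being rejected at the price of `TAG_LEN` extra bytes on every packet.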

in Mobile,   Security, Posted by log1i_yk