Researchers at Purdue and the University of Iowa have outlined exploits in 4G LTE protocols that would let intruders conduct ten serious attacks, including spying on calls and text messages, tracking locations, knocking devices offline and even faking emergency alerts.
Intruders can take advantage of three key protocol tasks (such as attaching a device to the network and maintaining a connection) to conduct authentication relay attacks that not only let them connect to the network without credentials, but masquerade as the victim’s device. A hacker could not only compromise the network, but frame someone else for the crime.
These aren’t just theoretical attacks, either. The team tested eight of the ten attacks using SIM cards from four large US carriers.
While the issues have to do with LTE itself, it is possible to fix them — at least one of the big US carriers already has. There’s still a race against time, however. You can build the necessary LTE exploit tool for as little as $1,300 using readily available parts, so a determined attacker could infiltrate a network without an abundance of resources.
This stresses the importance of testing cell standards in the real world. It’s relatively easy to fix security flaws before a standard is finalized and rolls out in earnest; it’s another matter when it’s already in use by cell carriers that may have to patch vast networks.