Header Ads

Breaking News

Protecting iOS against the aLTEr attacks

Researchers from Ruhr-Universität Bochum & New York University Abu Dhabi have uncovered a new attack against devices using the Long-Term Evolution (LTE) network protocol. LTE, which is a form of 4G, is a mobile communications standard used by billions of devices and the largest cellular providers around the world.

In other words, the attack can be used against you.

The research team has named the attack “aLTEr” and it allows the attacker to intercept communications using a man-in-the-middle technique and redirect the victim to malicious websites using DNS spoofing.

Note: According to their FAQ question: “Is there a logo for the attacks“, the answer is: “Maybe. There are no stickers, t-shirts, songs, …“. You gotta love their sense of humor since no attack is truly relevant without its own logo! ☻

The aLTEr attack

This attack works by taking advantage of a design flaw within the LTE network — the data link layer (aka: layer-2) of the LTE network is encrypted with AES-CTR but it is not integrity-protected, which is why an attacker can modify the payload.

As a result, the attacker is performing a classic man-in-the-middle where they are posing as a cell tower to the victim, while pretending to be the real subscriber to the real network. The traffic from the victim is sent to the attacker where it is modified and forwarded into the real network.

Copyright © 2018 IDG Communications, Inc.

Source Link

No comments