A slew of LTE 4G vulnerabilities endanger Android users and mobile carriers

As an ever-increasing number of mobile carriers around the world switch from GSM/UMTS networks to Long-Term Evolution (LTE 4G) ones, both carriers and users are facing a number of dangers.

“Current LTE networks rely on packet switching, rather than the circuit switching of previous generations of the mobile network. The use of packet switching and the IP protocol (particularly the SIP protocol) may allow for new types of attacks not possible on previous generation networks,” the Computer Emergency Response Team Coordination Center (CERT/CC) at Carnegie Mellon University has warned.

“Some implementations of LTE networks and mobile applications are currently vulnerable to several issues which may result in loss of privacy, incorrect billing, and data spoofing.”

The issues have been mapped out by a group of Korean researchers, and can be exploited by attackers to effect DoS attacks against users, spoof phone numbers, obtain free data usage, establish a peer-to-peer network within the mobile network in order to retrieve data from other phones, and silently place phone calls without the user’s knowledge (via a malicious Android app).

Each provider/implementation of LTE may be vulnerable to one or more of these issues, and it’s on them to fix this. “Each provider must apply updates to their own network as necessary to resolve these issues. However, each provider is vulnerable to a different subset of these issues, so the exact fixes and timelines vary between providers. Concerned customers should contact their service provider for more information,” CERT/CC advises.

Apple’s devices are not affected by these flaws, but Google’s are. In fact, all Android devices are.

According to ZDNet, Google has confirmed the problem and has promised to fix the issue in the November security update for its Nexus devices.

According to CERT/CC, T-Mobile and Verizon both do not utilize session management, potentially opening up the network to denial of service and peer-to-peer direct communications. In addition to this, Verizon’s network may be vulnerable to direct communications through the gateway, possibly allowing call spoofing.

Every carrier that uses LTE would do well to check their implementation for the above flaws, and try to mitigate and/or remove the problems.