4G mobile networks are riddled with exploitable security flaws, claim researchers

Academics identify ten serious 4G security flaws

Security researchers have discovered a string of vulnerabilities affecting the protocols that underpin 4G LTE networks globally.

According to a team of academics at Purdue University and the University of Iowa, most of the world's 4G networks are likely to be exposed to a range of security flaws that cyber criminals - or government intelligence agencies - can easily tap into.

In a technical paper, called "LTEInspector: A Systematic Approach for Adversarial Testing of 4G" (PDF), the researchers identified a number of security problems across the attach, detach and paging protocols of the mobile communications technology.

"We investigate the security and privacy of the three critical procedures of the 4G LTE protocol (i.e., attach, detach, and paging), and in the process, uncover potential design flaws of the protocol and unsafe practices employed by the stakeholders," they wrote.

The paper continues: "For exposing vulnerabilities, we propose a model-based testing approach LTEInspector which lazily combines a symbolic model checker and a cryptographic protocol verifier in the symbolic attacker model."

By exploiting these flaws, attackers could take control of 4G LTE networks easily and quickly - without even needing login credentials.

Theoretically, they argue, hackers could use a legitimate identity to send and receive messages on behalf of someone else.

It is also believed that they would be able to remove other devices from the network and spoof device locations.

The academics claim to have found ten new vulnerabilities that they believe could enable hackers to target individuals. Using a testbed rig and lab-based mobile network, they were able to exploit eight of the flaws.

The researchers explained that they "built a testbed using low-cost software defined radios and open-source LTE software stack having a price tag of around $3,900 which we would argue is within the reach of a motivated adversary".

They added: "Retrospectively adding security into an existing protocol without breaking backward compatibility often yields band-aid-like-solutions, which do not hold up under extreme scrutiny.

"It is also not clear, especially, for the authentication relay attack whether a defense exists that does not require major infrastructural or protocol overhaul."