Thirty-six new security flaws found in 4G mobile networks

South Korean researchers discovered 36 new flaws using a technique called 'fuzzing'

Security researchers at the Korea Institute of Science & Technology have identified 36 security flaws in the 4G LTE standard used by mobile networks and devices worldwide.

In their research paper [PDF], they claim to have found vulnerabilities enabling attackers to eavesdrop on and access user data traffic, distribute spoofed text messages, interrupt communications between base stations and phones, block calls and disconnect users from the network.

Although plenty of research on LTE security vulnerabilities has been published in the past, what's different about this particular study is the scale of the flaws identified and the way in which the researchers found them.

Using a technique called "fuzzing", the researchers claim that they came across 51 vulnerabilities in total. While 15 had been previously detailed, 36 of them are new.

"Based on the security property, LTEFuzz generates and sends the test cases to a target network, and classifies the problematic behaviour by only monitoring the device-side logs," wrote the researchers.

"Accordingly, we uncovered 36 vulnerabilities, which have not been disclosed previously. These findings are categorised into five types: Improper handling of (1) unprotected initial procedure, (2) crafted plain requests, (3) messages with invalid integrity protection, (4) replayed messages, and (5) security procedure bypass."

The researchers also investigated how these flaws can differ based on context and environment.

For example, a single carrier could have different vulnerabilities on two different devices, or a single device that uses two different networks could experience varying flaws.

"This shows that neither the device vendors nor the carriers have checked the security of their network components carefully. In addition, LTEFuzz was able to uncover vulnerabilities in baseband chipsets from Qualcomm and HiSilicon," they added.

Since publishing the research, the researchers have alerted the 3GPP, the GSMA and vendors to the newly found vulnerabilities.

They concluded by saying: "We plan to privately release LTEFuzz to these carriers and vendors in the near future. A public release is not planned as LTEFuzz can be used for malicious purposes."

This news comes at a time when network operators and vendors are preparing for the emergence of 5G, which will succeed 4G and cater to the expanding IoT ecosystem.
