Security News > 2020 > February > By exploiting an LTE vulnerability, attackers can impersonate mobile phone users

By exploiting an LTE vulnerability, attackers can impersonate mobile phone users
2020-02-24 06:30

Exploiting a vulnerability in the mobile communication standard LTE, researchers at Ruhr-Universität Bochum can impersonate mobile phone users.

David Rupprecht and Dr. Katharina Kohls from the Chair of System Security developed attacks to exploit security gaps in the mobile phone standard LTE. "An attacker can book services, for example stream shows, but the owner of the attacked phone would have to pay for them," illustrates Professor Thorsten Holz from Horst Görtz Institute for IT Security, who discovered the vulnerability together with David Rupprecht, Dr. Katharina Kohls and Professor Christina Pöpper.

They not only can convert the encrypted data traffic between the mobile phone and the base station into plain text, they can also send commands to the mobile phone, which are then encrypted and forwarded to the provider - such as a purchase command for a subscription.

Thus, they trick the mobile phone to assume that the software-defined radio is the benign base station; to the real network, in turn, it looks as if the software-defined radio was the mobile phone.

For a successful attack, the attacker must be in the vicinity of the victim's mobile phone.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/OM1tnBQnQP8/