LTE Flaw Lets Hackers Hijack Users Browsing Session

The LTE (Long Term Evolution) was created to improve the data transfer rate of the current mobile networks and also improve the security of the network. The LTE is used by general consumers and also by large organizations. An attack named aLTEr has been written about by researchers David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Popper and takes advantage of a vulnerability in the second layer of an LTE network which is also known as the data link layer.

The attack can hijack your browsing session and also allow the attacker to redirect the user to different services using DNS spoofing. The attack is dangerous but it also requires a $4000 worth of hardware to perform it. A video has been posted to see how the hack works on the commercial LTE networks. The video actually shows Hotmail being redirected to a spoofed version of the website which exactly looks like Hotmail.

The data link layer protects the data using encryption and also decides how the user accesses his data in the network. The data link layer also helps in correcting the transmission errors to help the physical channel to reduce the transmission errors. The data link layer helps the client to maintain the continuous data transmission between the client and the tower.

The aLTEr attack abuses the flaw in the inherent design of LTE so in layman’s terms it cannot be fixed. The aLTEr creates a fake cell tower takes the requests from the user reads them and forwards them to the real tower but modifies some key points of the data. The layers above the data link layers are protected by the mutual connection with the cell tower but the layers below it is not protected by the same mechanism hence it is easy for the attacker to modify the data in the layers. The attacker will take advantage of this layer to change which service the user uses or visits.

Take your time to comment on this article.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients