Experts from Ruhr University reported on IMP4GT problem (IMPersonation Attacks in 4G NeTworks), which affects almost all modern devices with LTE support, that is, smartphones, tablets, IoT devices. A bug allows you to simulate another user’s operator’s network, which means an attacker will be able to issue paid subscriptions at the expense of other people or publish something (for example, secret documents) under the guise of someone else.
A key element of IMP4GT attacks is software-defined radio (that is, an attacker must be close to his victim in order to carry out an attack). Such a device is capable of intercepting signals between a mobile device and a base station, and, using them, trick a smartphone into giving itself up to a base station, or, on the contrary, trick a network into pretending to be a smartphone. As soon as the communication channel is compromised, manipulation of the data packets that circulate between the device and the base station begins.
“The problem is the lack of integrity protection: data packets between the mobile phone and the base station are transmitted in encrypted form, which protects data from listening. However, it is possible to modify these data packets. We don’t know what is in the data packet, but we can provoke errors by changing bits from 0 to 1 or from 1 to 0, ”experts say.
As a result, such bugs can force the mobile device and the base station to decrypt or encrypt messages, convert information into plain text, or create a situation where an attacker can send commands without authorization.
Such teams can be used to purchase paid subscriptions or to book services (when someone else pays the bill), but they can also have more serious consequences. For example, an attacker can visit sites under a false identity and transmit information on a false behalf, thereby substituting other people.
The authors of the study emphasize that IMP4GT attacks are dangerous for some 5G networks. The vulnerability can be eliminated in 5G networks by introducing mandatory integrity protection at the user level, but this will require considerable expenses on the part of telecom operators (additional protection will generate large data transfer, and base stations need changes), as well as replacing existing smartphones.
Specialists will present a detailed report on the problem at the NDSS Symposium 2020 conference, which will soon be held in San Diego.