• The vulnerabilities can allow attackers to disrupt mobile base stations, block incoming calls and disconnect users from a mobile network.
  • Some of these vulnerabilities are not new and have been identified over the past years.

In the latest research, a group of academics from South Korea have discovered a total of 51 vulnerabilities in the Long-Term Evolution (LTE) protocol. The protocol is used by numerous mobile networks and hundreds of thousands of mobile users across the world.

Why it matters - A four-person research team from the Korean Advanced Institute of Science and Technology Constitution (KAIST) has revealed that there are 51 security flaws in the LTE standards. Of these, 36 have been identified as new vulnerabilities.

The vulnerabilities can allow attackers to perform a range of malicious activities that include disrupting mobile base stations, blocking incoming calls, disconnecting users from a mobile network, sending spoofed SMS messages and eavesdropping and manipulating user data traffic.

Some of these vulnerabilities are not new and have been identified over the past years - July 2018, June 2018, March 2018, June 2017, July 2016 and October 2015.

Why it matters - According to the KAIST paper, these vulnerabilities have been discovered using a semi-automated testing tool named LTEFuzz. The tool, working on Fuzzing technique, was used to craft malicious connections to a mobile network and then analyze the network’s response.

These vulnerabilities are believed to be a driving force in the ongoing research to create a new and improved 5G standard.

What actions were taken - Following the discovery of vulnerabilities, KAIST researchers have notified both 3GPP (industry body behind LTE standard) and GSMA (industry body that represents mobile operators). Additionally, the affected baseband chipset vendors and network equipment vendors have also been informed about the issue.

Researchers noted that the flaw not only exists in the protocol but also resides in how some vendors have implemented LTE in their devices.

Cyware Publisher