Security researchers from the New York University Abu Dhabi, in the United Arab Emirates, found three flaws in the data link layer of the ubiquitous LTE network that would allow attackers to eavesdrop on targets and change the contents of their communications.
Although LTE network technology brought many security improvements over 2G and 3G, so far it hasn’t proven to be that secure. Multiple flaws have been found over the past few years, flaws that have allowed makers of surveillance tools such as StingRays and other cell-site simulators to intercept people’s communications at ranges of multiple miles from the device itself.
The standards developers for wireless technology have often been under pressure from nation-state intelligence agencies to make the security of these networks breakable and easy to intercept. For instance, in the 1980s, GCHQ put pressure on the creators of the GSM standard to use only 54-bit encryption keys, which could still be broken by the intelligence agency. Therefore, it wouldn’t be surprising to learn that some of these flaws were introduced on purpose to make eavesdropping by intelligence agencies easier.
LTE Network Attacks
The researchers found two passive attacks against LTE networks: an identity mapping attack and a method to perform website fingerprinting. The third type of attack, called “aLTEr” by the team, is an active attack, which allows an attacker to intercept communications.
The researchers said that the LTE network’s data layer is not integrity-protected. This means an attacker can change the bits even within an encrypted packet, and then the attacker will be able to decrypt that packet. As the researchers said in their paper:
"The aLTEr attack exploits the fact that LTE user data is encrypted in counter mode (AES-CTR) but not integrity protected, which allows us to modify the message payload: the encryption algorithm is malleable, and an adversary can modify a ciphertext into another ciphertext which later decrypts to a related plaintext."
The aLTEr flaw allows an attacker to pretend to be a real cell tower, while also pretending to be the target to the real network. Then the attacker can intercept the communications between the target and the real network.
The first solution to fix this specification flaw would be for all carriers to band together and update the specification to use an authenticated encryption scheme such as AES-GCM or ChaCha20-Poly1305. However, the researchers don’t believe most carriers will bother to do this.
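The malleability the researchers describe, and the reason an authenticated scheme closes it, can be seen in a few lines of code. The following is an added illustration, not code from the paper or from any LTE implementation. Because the Python standard library has no AES, it builds counter mode from HMAC-SHA256 as a stand-in pseudorandom function; the malleability property depends only on the keystream-XOR structure of counter mode, not on the block cipher, so the behaviour is the same as with AES-CTR. The second half adds an encrypt-then-MAC integrity tag (a stand-in for the AEAD the text recommends) and shows the same modification being rejected. The keys, nonce and message are constructed sample values.

```python
import hashlib
import hmac
import struct

# Counter mode: keystream block i = PRF(key, nonce || i).
# HMAC-SHA256 stands in for the AES block function (assumption; stdlib has no AES).
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Counter-mode encryption is plaintext XOR keystream."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))

# XOR is its own inverse, so decryption is the same operation.
ctr_decrypt = ctr_encrypt

def modify_ciphertext(ciphertext: bytes, offset: int, known: bytes, desired: bytes) -> bytes:
    """Demonstrates malleability: XORing (known ^ desired) into the ciphertext at
    `offset` makes it decrypt to `desired` there, without knowledge of the key."""
    c = bytearray(ciphertext)
    for i, (k, d) in enumerate(zip(known, desired)):
        c[offset + i] ^= k ^ d
    return bytes(c)

# Encrypt-then-MAC: a tag over nonce || ciphertext stands in for an AEAD such as AES-GCM.
def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    ct = ctr_encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag

def verify_and_decrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Returns the plaintext, or None if the ciphertext or tag were altered."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return ctr_decrypt(enc_key, nonce, ct)

def demo() -> dict:
    # Constructed sample values; real systems use random keys and unique nonces.
    enc_key = b"\x01" * 32
    mac_key = b"\x02" * 32
    nonce = b"\x03" * 12
    plaintext = b"field=original"

    # 1. Unauthenticated counter mode: the related-plaintext modification succeeds.
    ct = ctr_encrypt(enc_key, nonce, plaintext)
    altered = modify_ciphertext(ct, len(b"field="), b"original", b"modified")
    unauthenticated_result = ctr_decrypt(enc_key, nonce, altered)

    # 2. With an integrity tag: the same modification is detected and rejected.
    ct2, tag = encrypt_then_mac(enc_key, mac_key, nonce, plaintext)
    altered2 = modify_ciphertext(ct2, len(b"field="), b"original", b"modified")
    return {
        "roundtrip": ctr_decrypt(enc_key, nonce, ct),
        "unauthenticated_result": unauthenticated_result,
        "authenticated_genuine": verify_and_decrypt(enc_key, mac_key, nonce, ct2, tag),
        "authenticated_altered": verify_and_decrypt(enc_key, mac_key, nonce, altered2, tag),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The first half decrypts to `field=modified` even though the key was never used by `modify_ciphertext`; the second half returns `None` for the altered message, which is the property an AEAD mode provides and a bare counter mode does not. The receiver must check the tag before acting on any decrypted byte, which is why `verify_and_decrypt` returns nothing at all on a mismatch rather than a partially trusted plaintext.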
Another solution would be for all websites to adopt the HTTP Strict Transport Security (HSTS) policy mechanism, which would prevent an attacker from redirecting users to a malicious website. However, this solution wouldn’t solve the problem of attackers intercepting calls and SMS/RCS texts.
5G Wireless Also Vulnerable
The security researchers said that although 5G supports authenticated encryption, it’s not mandatory, which likely means most carriers don’t intend to implement it.
Additionally, the 3GPP group, which develops standards for the telecommunications industry, said in response to the aLTEr attack disclosure that an update to the 5G specification may be difficult due to the fact that some carriers (such as Verizon and AT&T) have already started implementing a preliminary version of the 5G protocol. However, as the standard is not officially finished, that’s a risk those carriers have assumed by starting to implement it early.
The 3GPP security group will meet on August 20-24 in China to discuss this issue.