Live 4G LTE Vulnerability Allows Hackers To Eavesdrop On Calls, Read Texts And Track Phones Via GPS On Any Network

by Brandon Hill — Monday, October 24, 2016, 05:20 PM EDT

If you own an LTE smartphone, you might want to pay close attention. Wanqiao Zhang, a security researcher with Chinese firm Qihoo 360 has demonstrated a vulnerability that can compromises any 4G LTE network around the globe. The attack is so devastating that a hacker with enough resources has the ability to not only hijack your phone calls and text messages, but even track your location at any time.

Zhang demonstrated the active vulnerability at the Ruxcon hacking conference, which was held in Melbourne, Australia over the weekend. Speaking at the conference, Zhang explained, “You can create a denial of service attack against cellphones by forcing phones into fake networks with no services.” She went on to describe, “You can make malicious calls and SMS [or] eavesdrop on all voice and data traffic.”

The vulnerability takes advantage of a seemingly well-meaning failsafe incorporated into LTE networks for use in emergency situations. The failsafe is supposed to provide network redundancy in case cell towers become overloaded in the presence of, for example, a natural disaster. In this case, it may be necessary to redirect a user’s phone to another tower that isn’t at capacity.

However, this handoff can allow hackers using femotocells disguised as legitimate towers (or at least appear that way your phone’s cellular modem) to gain access to your device using a man-in-the-middle attack. The attack first downgrades your LTE connection to a 3G connection, and from there downgrades it even further two 2G. Given that 2G networks are readily ripe for exploitation, it would seem that it would be a no-brainer solution to tackle such a vulnerability as soon as possible.

You think that would be the case, but the Third Generation Partnership Project (3GPP) telecommunications governing body has known about this exploit for a decade and has done nothing about it. 3GPP has acknowledged the scope, verified its voracity, but “accepts it as a risk” according to The Register.

Tags: (NYSE:VZ), (NYSE:T), (NYSE:S), (NYSE:TMUS), wanqiao zhang, qihoo 360, 3gpp

Brandon Hill

Brandon received his first PC, an IBM Aptiva 310, in 1994 and hasn’t looked back since. He cut his teeth on computer building/repair working at a mom and pop computer shop as a plucky teen in the mid 90s and went on to join AnandTech as the Senior News Editor in 1999. Brandon would later help to form DailyTech where he served as Editor-in-Chief from 2008 until 2014. Brandon is a tech geek at heart, and family members always know where to turn when they need free tech support. When he isn’t writing about the tech hardware or studying up on the latest in mobile gadgets, you’ll find him browsing forums that cater to his long-running passion: automobiles.

Opinions and content posted by HotHardware contributors are their own.