Live 4G LTE Vulnerability Allows Hackers To Eavesdrop On Calls, Read Texts And Track Phones Via GPS On Any Network
Zhang demonstrated the active vulnerability at the Ruxcon hacking conference, which was held in Melbourne, Australia over the weekend. Speaking at the conference, Zhang explained, “You can create a denial of service attack against cellphones by forcing phones into fake networks with no services.” She went on to describe, “You can make malicious calls and SMS [or] eavesdrop on all voice and data traffic.”
The vulnerability takes advantage of a seemingly well-meaning failsafe incorporated into LTE networks for use in emergency situations. The failsafe is supposed to provide network redundancy in case cell towers become overloaded during, for example, a natural disaster. In that case, it may be necessary to redirect a user’s phone to another tower that isn’t at capacity.
However, this handoff can allow hackers using femtocells disguised as legitimate towers (or at least appearing that way to your phone’s cellular modem) to gain access to your device using a man-in-the-middle attack. The attack first downgrades your LTE connection to a 3G connection, and from there downgrades it even further to 2G. Given that 2G networks are ripe for exploitation, it would seem a no-brainer to tackle such a vulnerability as soon as possible.
You would think that would be the case, but the Third Generation Partnership Project (3GPP), the telecommunications governing body, has known about this exploit for a decade and has done nothing about it. 3GPP has acknowledged the scope and verified its veracity, but “accepts it as a risk,” according to The Register.