Researchers find 36 new security flaws in LTE protocol

4G LTE antenna

A group of academics from South Korea have identified 36 new vulnerabilities in the Long-Term Evolution (LTE) standard used by thousands of mobile networks and hundreds of millions of users across the world.

The vulnerabilities allow attackers to disrupt mobile base stations, block incoming calls to a device, disconnect users from a mobile network, send spoofed SMS messages, and eavesdrop and manipulate user data traffic.

They were discovered by a four-person research team from the Korea Advanced Institute of Science and Technology Constitution (KAIST), and documented in a research paper they intend to present at the IEEE Symposium on Security and Privacy in late May 2019.

Vulnerabilities found using fuzzing

The research team’s discoveries aren’t exactly new. Several academic groups have identified similar vulnerabilities in LTE over the past years on numerous occasions –July 2018, June 2018, March 2018, June 2017, July 2016, October 2015 (paper authored by another KAIST team).

Coinbase 4

These vulnerabilities have been the driving force behind efforts to create the new and improved 5G standard –which, unfortunately, isn’t that secure either, with some researchers already poking holes in it as well.

But what stands out from previous work is the sheer number of vulnerabilities the KAIST team discovered, and the way they did it.

The Korean researchers said they found 51 LTE vulnerabilities, of which 36 are new, and 15 have been first identified by other research groups in the past.

They discovered this sheer number of flaws by using a technique known as fuzzing –a code testing method that inputs a large quantity of random data into an application and analyzes the output for abnormalities, which, in turn, give developers a hint about the presence of possible bugs.

Fuzzing has been used for years, but mainly with desktop and server software, and very rarely for everything else.

KAIST built its own LTE fuzzer

According to the KAIST paper, seen by ZDNet prior to the IEEE presentation, researchers built a semi-automated testing tool named LTEFuzz, which they used to craft malicious connections to a mobile network, and then analyze the network’s response.

The resulting vulnerabilities, see image below or this Google Docs sheet, were located in both the design and implementation of the LTE standard among the different carriers and device vendors.

LTEFuzz results

LTEFuzz results

Image: Kim et al.

The KAIST team said it notified both the 3GPP (industry body behind LTE standard) and the GSMA (industry body that represents mobile operators), but also the corresponding baseband chipset vendors and network equipment vendors on whose hardware they performed the LTEFuzz tests.

Because the flaws reside in both the protocol itself and how some vendors have implemented LTE in their devices, researchers believe many other flaws still exist in the real world.

Furthermore, their fuzz testing procedures worked with LTE connections in their initial states, before any exchange of cryptographic keys, meaning more security flaws may be waiting to be discovered in future tests, which researchers said they plan to undertake.

Additional details can be found in the KAIST team’s paper, entitled “Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane.”

More vulnerability reports:

Researchers find 36 new security flaws in LTE protocol 3
blank
About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

blank

E-Crypto News Executive Interviews


blank

bitcoin
Bitcoin (BTC) $ 39,075.00
ethereum
Ethereum (ETH) $ 2,621.52
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 329.83
cardano
Cardano (ADA) $ 1.36
xrp
XRP (XRP) $ 0.719950
usd-coin
USD Coin (USDC) $ 1.00
dogecoin
Dogecoin (DOGE) $ 0.198784
polkadot
Polkadot (DOT) $ 18.45
binance-usd
Binance USD (BUSD) $ 1.00
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 39,075.00
ethereumEthereum (ETH)
$ 2,621.52
tetherTether (USDT)
$ 1.00
bitcoin-cashBitcoin Cash (BCH)
$ 539.32
litecoinLitecoin (LTC)
$ 141.44
bitcoinBitcoin (BTC)
32.884,50
ethereumEthereum (ETH)
2.206,20
tetherTether (USDT)
0,841574
bitcoin-cashBitcoin Cash (BCH)
453,88
litecoinLitecoin (LTC)
119,03
bitcoinBitcoin (BTC)
28,124.43
ethereumEthereum (ETH)
1,886.85
tetherTether (USDT)
0.719755
bitcoin-cashBitcoin Cash (BCH)
388.18
litecoinLitecoin (LTC)
101.80

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

blank
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021
Cryptocurrency Exchanges
Cryptocurrency Exchanges and the Plague of Scams and Bans
June 29, 2021
blank
What Role Do Cryptocurrencies Play In The Era Of Ransomware Attacks?
June 9, 2021
Crypto Scams On The Rise As Market Enters Bull Cycle
Crypto Scams On The Rise As Market Enters Bull Cycle
December 22, 2020
Harpreet Singh Sahni perpetrated the Plus Gold Union Coin (PGUC) scam
Sydney Concert Promoter Harpreet Sahni Involved In $50M Crypto PGUC Scam
November 2, 2020

Blockchain/Cryptocurrency Questions and Answers

Short-Sell Cryptocurrency
How to Short-Sell Cryptocurrency: A Brief Overview
July 17, 2021
Klaytn
What Is Klaytn (KLAY) And How Does It Work?
July 16, 2021
Cryptocurrencies
Our Crypto Roundup Interview Asks- Do Cryptocurrencies Have a Future?
July 15, 2021
Solana
What Is Solana (SOL) And How Does It Work?
June 26, 2021
blank
What Is Plethori Platform And How Does It Work?
June 12, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin39,194 0.47 % 2.33 % 0.30 %
Ethereum2,643.5 1.30 % 5.12 % 15.31 %
Tether1.000 0.04 % 0.14 % 0.29 %
Binance Coin331.13 0.63 % 2.82 % 5.63 %
Cardano1.360 0.12 % 1.63 % 7.19 %
XRP0.7246 0.58 % 1.25 % 12.81 %
USD Coin1.000 0.15 % 0.17 % 0.13 %
Dogecoin0.2000 0.41 % 1.43 % 2.24 %
Polkadot18.60 0.73 % 6.72 % 29.86 %
Binance USD1.000 0.30 % 0.35 % 0.32 %

bitcoin
Bitcoin (BTC) $ 39,434.00
ethereum
Ethereum (ETH) $ 2,676.83
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 333.21
cardano
Cardano (ADA) $ 1.37
xrp
XRP (XRP) $ 0.729480
usd-coin
USD Coin (USDC) $ 1.00
dogecoin
Dogecoin (DOGE) $ 0.201198
polkadot
Polkadot (DOT) $ 18.80
binance-usd
Binance USD (BUSD) $ 1.01