Permanent LTE exploits steer users to rogue websites

Sponsored Links

Daniel Acker/Bloomberg via Getty Images
Daniel Acker/Bloomberg via Getty Images

LTE was theoretically supposed to fix the security holes baked into earlier wireless standards, but it isn't completely immune. An international team of researchers has discovered a attack methods (nicknamed aLTEr) that takes advantage of inherent flaws in LTE to direct users to hostile websites. An active exploit uses the lack of integrity checks in LTE's lower layers to modify the text inside a data packet. Since that's easy to determine with DNS packets, which direct traffic to website addresses, you can steer requests to malicious DNS servers and thus take the user to a website of your choice.

A passive attack, meanwhile, uses a sniffing device near the user to intercept leaked info about a user's LTE data transmissions (when and how much data they use, for instance) and compares those to data 'fingerprints' for popular websites. If there's a match, you know where they're going despite encryption ostensibly keeping the destination a secret.

These attacks aren't exactly trivial. You need to be physically close to your target, and sniffing hardware isn't cheap (Ars Technica places the cost at roughly $4,000). Whoever uses the attacks will likely be either a committed thief or a surveillance agency. The problem, as you might have gathered, is that you can't patch against this. Your best bet is to only visit sites using HTTP Strict Transport Security or DNS Security extensions, and that isn't always easy. Although the like of facing an attack isn't that high, there might not be a permanent solution until you're using 5G.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget