Latest in Gear

Image credit: Daniel Acker/Bloomberg via Getty Images

Permanent LTE exploits steer users to rogue websites

1167 Shares
Share
Tweet
Share

Sponsored Links

Daniel Acker/Bloomberg via Getty Images

LTE was theoretically supposed to fix the security holes baked into earlier wireless standards, but it isn't completely immune. An international team of researchers has discovered a attack methods (nicknamed aLTEr) that takes advantage of inherent flaws in LTE to direct users to hostile websites. An active exploit uses the lack of integrity checks in LTE's lower layers to modify the text inside a data packet. Since that's easy to determine with DNS packets, which direct traffic to website addresses, you can steer requests to malicious DNS servers and thus take the user to a website of your choice.

A passive attack, meanwhile, uses a sniffing device near the user to intercept leaked info about a user's LTE data transmissions (when and how much data they use, for instance) and compares those to data 'fingerprints' for popular websites. If there's a match, you know where they're going despite encryption ostensibly keeping the destination a secret.

These attacks aren't exactly trivial. You need to be physically close to your target, and sniffing hardware isn't cheap (Ars Technica places the cost at roughly $4,000). Whoever uses the attacks will likely be either a committed thief or a surveillance agency. The problem, as you might have gathered, is that you can't patch against this. Your best bet is to only visit sites using HTTP Strict Transport Security or DNS Security extensions, and that isn't always easy. Although the like of facing an attack isn't that high, there might not be a permanent solution until you're using 5G.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1167 Shares
Share
Tweet
Share

Popular on Engadget

Windows users can now log in using Yubico security keys

Windows users can now log in using Yubico security keys

View
Watch NASA's first all-woman spacewalk

Watch NASA's first all-woman spacewalk

View
US military will no longer use floppy disks to coordinate nuke launches

US military will no longer use floppy disks to coordinate nuke launches

View
SpaceX begins construction of its next-generation Starship rockets

SpaceX begins construction of its next-generation Starship rockets

View
Lebanon plans to charge a fee for internet voice calls

Lebanon plans to charge a fee for internet voice calls

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr