A new report from mobile and Linux security experts suggests that 4G LTE cellular communications might have several fairly serious security faults built right in. Two vulnerabilities outlined in the report are passive, which means that attackers who exploit them would be able to watch LTE traffic packets before determining certain details about the target they’re monitoring.
These potential exploits are concerning for the same reason that many recent semiconductor-based vulnerabilities have been so pressing to researchers. Crackers could figure out private information about mobile device users as soon as they’ve collected the appropriate packets, just like those who abuse microchip design have been able to do the same thing with desktops and servers as of late.
Both of these attackers permit crackers to collect metadata about the traffic sent from a smartphone or cellular-connected tablet. Those who use portable PCs with cellular devices attached to them might also be transmitting packets filled with metadata that could be intercepted by someone who had wanted to carry out an attack in this fashion.
Nevertheless, these aren’t the most serious problems that the new report outlines, even if they are issues that may need to be patched in the near future.
Another potential exploit allows an attacker to actively manipulate data sent to a user’s 4G LTE-connected device. While it’s more than likely not feasible outside of a laboratory at the moment, some researchers have been able to redirect test devices to malicious sites by abusing the way that LTE relays can call HTTP servers.
Even if these attacks could become possible outside of ideal laboratory conditions, they would require physical proximity to a victim in order to carry it out. This limits the possibility that they’ll ever be performed on a large scale.
However, the sheer fact that researchers were able to do so helps to illustrate the fact that more mitigations will be necessary in order to ensure secure digital ecosystems in the near future.
Though users may not currently be at risk, it’s possible that some flaws impact the upcoming 5G standard as well, which means that coders will probably be working on ways to prevent these from ever turnings into problems in the wild before 5G phones become common.