LTE protocol found containing security flaws

In the latest research, A four-person research team from the Korean Advanced Institute of Science and Technology Constitution (KAIST) has revealed that there are 51 security flaws in the LTE standards. Of these, 36 have been identified as new vulnerabilities. The protocol is used by numerous mobile networks and hundreds of thousands of mobile users across the world.

The vulnerabilities can allow attackers to perform a range of malicious activities that include disrupting mobile base stations, blocking incoming calls, disconnecting users from a mobile network, sending spoofed SMS messages and eavesdropping and manipulating user data traffic. Some of these vulnerabilities are not new and have been identified over the past years - July 2018, June 2018, March 2018, June 2017, July 2016 and October 2015.

According to the KAIST paper, these vulnerabilities have been discovered using a semi-automated testing tool named LTEFuzz. The tool, working on Fuzzing technique, was used to craft malicious connections to a mobile network and then analyze the network’s response. These vulnerabilities are believed to be a driving force in the on going research to create a new and improved 5G standard.

Following the discovery of vulnerabilities, KAIST researchers have notified both 3GPP (industry body behind LTE standard) and GSMA (industry body that represents mobile operators). Additionally, the affected baseband chipset vendors and network equipment vendors have also been informed about the issue. Researchers noted that the flaw not only exists in the protocol but also resides in how some vendors have implemented LTE in their devices.