LTE flaw lets attackers hijack your browsing session and spy on the websites you...

 
 
 

 
xda-developers
Jun 30, 2018 3:57 AM • by Adam Conway
LTE flaw lets attackers hijack your browsing session and spy on the websites you visit

Long-Term Evolution (LTE) was introduced in order to improve upon current mobile data network protocols. LTE combines performance goals with security and is used by both the general consumer and enterprise alike. As such, it requires a high level of resilience against attacks due to the potentially private nature of the data being transmitted. aLTEr is an attack written by David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper which abuses the second layer of LTE, known as the data link layer.

What is aLTEr?

aLTEr is an attack which abuses the second layer of LTE, known as the data link layer. It can allow an attacker to hijack your browsing session and also redirect your network requests via DNS spoofing. Is it dangerous? Yes, but it also requires about $4,000 worth of equipment to operate. What's more, it only works within a 1-mile radius of the attacker. You can check out the video below of how it was abused on a commercial LTE network to redirect Hotmail to a website that looks like Hotmail but is not Hotmail.

What is the data link layer of LTE?

The data link layer in this particular attack is what the researchers abused. This layer protects data through encryption, organizes how users access resources on the network, and helps to correct transmission errors. It's on top of the physical channel which maintains continuous transmission of data between client and cell tower.

How does aLTEr work?

aLTEr works by abusing an inherent design flaw of LTE, meaning that no, it cannot be patched. Observe the image below.

aLTEr works by creating a cell tower which masquerades as the user it's attempting to attack. This fake cell tower then takes the requests from the user and forwards them to the real cell tower, but not before modifying some key points of the data. Layers above the data link layer are protected via a mutual connection with the cell tower, but those below it are not. An attacker can then modify the DNS server requests that are sent to the cell tower, even if they are encrypted. This is because if you know the original DNS server, you can change which one it requests by decrypting the packet and re-encrypting it with a new DNS server to target. This all happens in between the user and the cell tower, so neither end should be aware of what is happening.

But what does this mean? Well, you can create your own DNS server which points a web address to another IP. For example, XDA-Developers' IP address is 209.58.128.90. All a DNS server does is request that IP, so what if a DNS server lied and gave you another IP address? In a non-malicious sense, it could forward you to 64.233.177.94 instead, for example, which is Google's website in Ireland. There's a lot of control you can gain over a user by changing the DNS server.
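The GSMA statement quoted on this page notes that LTE user traffic is encrypted but not integrity protected. The following added example (not from the article or the researchers) shows why that matters with counter-mode encryption, which LTE uses for user data: a field whose plaintext is known can be changed in the ciphertext without the key, and an integrity tag of the kind 5G supports detects the change. The SHA-256 keystream is a stand-in for the real cipher, and the keys, packet layout and documentation-range addresses are constructed.

```python
import hashlib
import hmac
import ipaddress

def keystream(key: bytes, counter: int, n: int) -> bytes:
    # Stand-in for a counter-mode keystream (SHA-256 over key||counter||block).
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key: bytes, counter: int, data: bytes) -> bytes:
    # Counter mode: encryption and decryption are the same XOR.
    return xor(data, keystream(key, counter, len(data)))

def tag(mac_key: bytes, counter: int, ciphertext: bytes) -> bytes:
    # Integrity tag over counter and ciphertext (the protection LTE user data lacks).
    return hmac.new(mac_key, counter.to_bytes(8, "big") + ciphertext, hashlib.sha256).digest()

def rewrite_field(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    # No key needed: XORing (known ^ wanted) into the ciphertext flips the
    # plaintext field from `known` to `wanted` and leaves every other byte alone.
    mask = xor(known, wanted)
    end = offset + len(mask)
    return ciphertext[:offset] + xor(ciphertext[offset:end], mask) + ciphertext[end:]

# Constructed sample data (documentation-range addresses, made-up keys and layout).
ENC_KEY, MAC_KEY, COUNTER = b"constructed-enc-key", b"constructed-mac-key", 7
ORIGINAL_DNS = ipaddress.IPv4Address("192.0.2.53").packed
OTHER_DNS = ipaddress.IPv4Address("198.51.100.53").packed
DST_OFFSET = 4
PACKET = b"HDR:" + ORIGINAL_DNS + b"|query example.com"

def demo():
    ciphertext = crypt(ENC_KEY, COUNTER, PACKET)
    sent_tag = tag(MAC_KEY, COUNTER, ciphertext)
    tampered = rewrite_field(ciphertext, DST_OFFSET, ORIGINAL_DNS, OTHER_DNS)
    received = crypt(ENC_KEY, COUNTER, tampered)
    new_dst = str(ipaddress.IPv4Address(received[DST_OFFSET:DST_OFFSET + 4]))
    rest_intact = received[DST_OFFSET + 4:] == PACKET[DST_OFFSET + 4:]
    tag_still_valid = hmac.compare_digest(sent_tag, tag(MAC_KEY, COUNTER, tampered))
    return new_dst, rest_intact, tag_still_valid

if __name__ == "__main__":
    print(demo())
```

The receiver decrypts the tampered packet cleanly and sees the new address, so encryption alone gives no signal; only the tag comparison fails.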

How practical is aLTEr and am I safe?

Well, there's good news and bad news. The good news is as mentioned – this requires around $4,000 worth of hardware to do. Not something that people usually have lying around. This was tested in a very controlled environment, so there's no telling how it will work in real life. What's more, it would need to be a very targeted attack. The researchers estimate you would need to be within a mile radius of the target for it to work.

However, this attack is very practical. In theory, there's nothing stopping somebody from investing a lot of money and time into implementing this attack in your locality. What's more, this cannot be patched, as it would require overhauling the entire LTE protocol. The GSM Association and the 3rd Generation Partnership Project have both been notified, along with many other telephone companies that may benefit from being told about it.

So how can you protect yourself? The easiest way to do it is through the use of HTTPS. Always keep a lookout for that "Secure" text beside your address bar.

Left: Good / Right: Bad

Some of this is simple, but often users have a tendency to ignore the "Not secure" warning that our browsers give us. Never trust a website that Chrome says isn't secure, as it's very likely that it's trying to steal your data by either spoofing a real website or by lying to you. Sometimes having an expired certificate will still lead to your web browser saying that the site isn't secure, but it still shouldn't be trusted.

ArsTechnica contacted the GSM Association and received this statement.

Although LTE user traffic is encrypted over the radio interface and cannot be eavesdropped, it is not integrity protected. The research has shown that this lack of integrity protection can be exploited in certain circumstances using sophisticated radio equipment to modify user traffic. For example, when a user attempts to connect to a website that does not enforce the use of the HTTPS security protocol, the researchers have shown that it can be possible to re-direct users to a fake website.

Although the researchers have shown traffic modification to be feasible in a laboratory environment, there are a number of technical challenges to make it practical outside a laboratory. Mobile operators have fraud detection functions that can detect and react to certain attack scenarios, while several mobile applications and services use enforced HTTPS, which prevents traffic modification.

The GSMA does not believe that the specific technique demonstrated by the researchers has been used to target users in the past, nor is it likely to be used in the near future. However, as a result of this new research, the GSMA is working with the industry to investigate how to include the protection of the integrity of traffic and information (user plane integrity) in LTE. The 5G standards already include support for user plane integrity protection, and the GSMA is supporting the industry to ensure that it is fully deployed as 5G technology rolls out.

Officials with the 3rd Generation Partnership Project did not respond to a request for comment by ArsTechnica.

The researchers also discovered a number of passive exploits, including one that could identify, with 89% +/- accuracy, what website a user was visiting based on what encrypted data was downloaded.

It's also worth noting that while it's technically possible that 5G will mitigate the issues, it will require specific hardware to be used in cell towers. You can check out the official website for aLTEr below.


Source: aLTEr Attack Via: ArsTechnica




Android Advices
Jun 29, 2018 2:20 PM • by Pavan Kumar B.C
Moto One Android One Smartphone leaks with a glass back, expected to be unveiled soon

We all know very well that Motorola has announced an event for 2nd August in Chicago where the Moto Z3 and Motorola One Power might be showcased. With some new renders, we can expect another device to join them, which could be called the Motorola One. According to the leaks, this handset will be a smaller sibling of the One Power, but nothing is mentioned about whether the handset will feature a smaller screen or something else.

Unlike the metal rear on the Moto One Power, this device will have a glass back. The One will get a dual-tone LED flash, while the One Power has a single LED light on the rear. Apart from these, both handsets look exactly the same, but we need to wait and see the spec sheet to know all the differences. The Moto One Power will be powered by a Qualcomm Snapdragon 636 processor and will come with a screen with a 19:9 aspect ratio along with Full HD+ resolution.


Both handsets will come out of the box with the Android 8.1 Oreo operating system and are expected to get further updates as well. The Moto One Power will have a 16MP primary rear camera with a secondary 5MP camera sensor, while on the front there will be a 16MP shooter with an f/1.9 aperture. The Moto One Power could be equipped with a 3780 mAh battery, considering the past rumors, and nothing is mentioned about the fingerprint sensor.

The Moto One will be launched in Black and White color variants, along with a few other options by launch time, and we can expect this device to be unveiled on 2nd of August in Chicago. Are you interested in Motorola's event in Chicago? What devices can we expect? Comment in the section below and stay tuned to Android Advices for similar news and updates.





 
 
