
Researchers Find 36 New Security Flaws In LTE Protocol (zdnet.com)

An anonymous reader quotes a report from ZDNet: A group of academics from South Korea have identified 36 new vulnerabilities in the Long-Term Evolution (LTE) standard used by thousands of mobile networks and hundreds of millions of users across the world. The vulnerabilities allow attackers to disrupt mobile base stations, block incoming calls to a device, disconnect users from a mobile network, send spoofed SMS messages, and eavesdrop and manipulate user data traffic. They were discovered by a four-person research team from the Korea Advanced Institute of Science and Technology Constitution (KAIST), and documented in a research paper they intend to present at the IEEE Symposium on Security and Privacy in late May 2019.

The Korean researchers said they found 51 LTE vulnerabilities, of which 36 are new, and 15 have been first identified by other research groups in the past. They discovered this sheer number of flaws by using a technique known as fuzzing -- a code testing method that inputs a large quantity of random data into an application and analyzes the output for abnormalities, which, in turn, give developers a hint about the presence of possible bugs. The resulting vulnerabilities, see image below or this Google Docs sheet, were located in both the design and implementation of the LTE standard among the different carriers and device vendors. The KAIST team said it notified both the 3GPP (industry body behind LTE standard) and the GSMA (industry body that represents mobile operators), but also the corresponding baseband chipset vendors and network equipment vendors on whose hardware they performed the LTEFuzz tests.

  • by SuperKendall ( 25149 ) on Thursday March 28, 2019 @05:33PM (#58350688)

    "Eventually, it turned out LTE was more flaw than protocol".

    • by Anonymous Coward

      "35 of these were ultimately determined to be intentionally planted vulnerabilities."

    • by Anonymous Coward

      Okay, so are these flaws in the protocol proper or in the implementations?

      If the former, who the fuck let these clowns "design" this thing?

      • Okay, so are these flaws in the protocol proper or in the implementations?

        Although I posted in jest, this is a really good question...

        I would argue that it's hard to really say something is purely an "implementation bug" in a system where the protocol is so complex, many implementation flaws are pretty much inevitable.

        Designing a spec at the level of LTE though, I'm not sure it's really possible to design without a lot of complexity though, so in reality although I joke I personally cut the protocol designe

        • by Anonymous Coward

          The telco boys have historically tended to put too much complexity in what they create. The internet and ethernet boys tended to go for too little, then try and "fix it in software, later", that really doesn't work too well either.

          But I'd think that with the fifth generation, positioning itself in name already for the long run, giving themselves a greenfield yet again, they'd learned to find some sort of middle way. Complexity in the right places, no complexity where it doesn't need to be. And, yeah, a soli

  • by blahbooboo ( 839709 ) on Thursday March 28, 2019 @05:34PM (#58350696)

    Well, I'm fine as I don't use LTE, I am using 5G E from AT&T

    You folks stuck with 4G LTE are screwed now!

  • 51 vulns? So what? I mean, it's not like someone could use this to exploit millions upon millions of handheld computers, right? right? guys? -_-

  • by MobyDisk ( 75490 ) on Thursday March 28, 2019 @10:56PM (#58351840) Homepage

    The article mixes up bugs in the standard with bugs in software. Fuzzing is a technique used to attack specific software implementations, not standards. It looks like they did both, but the article mixes up terms.
