Researchers find security flaw in LTE networks

About Author
Christian Boas

Chinese security researchers from 360 Technology’s “Unicorn Team” revealed a serious security vulnerability in LTE networks at the Black Hat USA 2017 hacker conference in Las Vegas. In front of the assembled industry colleagues, they also demonstrated a nasty attack called “Ghost Telephonist”. It exploits the vulnerability to hijack a user's mobile phone number and in this way spy on all of that user's telephone calls and SMS messages.

Weak spot
“On the basis of this weakness, several different areas can be attacked,” the Chinese state news portal Xinhua quoted Huang Lin, a member of the Unicorn Team specializing in wireless security research, as saying. Strictly speaking, the vulnerability lies in Circuit Switched Fallback (CSFB for short), a technology used in connection with Voice over LTE (VoLTE for short). “We have already reported this vulnerability to the Global System for Mobile Communications Alliance,” the researcher said.

Gmail password reset
As part of their demonstration, Lin and his colleagues showed a scenario in which an attacker could reset the password of a Google account using only a stolen mobile phone number. After the Unicorn Team had captured the user's communication, they logged into the victim's Gmail account and clicked on “Forgotten password”. The verification codes sent by Google were then easily intercepted. “The user remains online on the 4G network and does not notice anything,” the experts conclude.
