Friday, November 13, 2015
Black Hat Europe: Researchers demonstrate how to bypass LTE/4G security
LTE (4G) is more secure than GSM (2G) and UMTS (3G) but that doesn't make it impervious to International Mobile Subscriber Identity (IMSI) catchers. That's the conclusion of a presentation due to be given at Black Hat Europe this week, by Ravishankar Borgaonkar, Altaf Shaik, N. Asokan, Valtteri Niemi and Jean-Pierre Seifert. To prove the point, the researchers will build an LTE IMSI catcher and demonstrate how "most popular phones" fail the test courtesy of vulnerabilities in baseband software and deployed networks that bypass enhanced LTE security measures. If that weren't enough, the same team reckon it has also managed to perform what it describes as being rudimentary Denial of Service (DoS) attacks that effectively block the LTE signal and force the handset to dropdown to a 3G or 2G connection on demand.