South Korea researchers find 36 new Mobile security vulnerabilities in LTE


A group of researchers from Korean Advanced Institute of Science and Technology Constitution (KAIST) based in South Korea claims that they have identified over 51 mobile security vulnerabilities in LTE mobile data protocol of which 36 happen to be new.

Note 1- LTE stands for Long Term Evolution (LTE) standard used by millions of mobile users across the world to quench their mobile internet needs over the radio interface. Some telecom carriers use the term called LTE to market their 4G or advanced 4G networks which are technically incorrect.

According to the study, the new security flaws found in LTE include blockage of incoming calls to a device, disconnect users from a mobile network, disrupt entire database of mobile users, sending spoofed text messages, controlling web traffic and eavesdrop on calls & on the whole network activity.

What’s more interesting in the research is the fact that the newly found vulnerabilities form a part of efforts to build a new and improvised 5G network standard which was recently affirmed as the most secure mode of communication by Trump administration.

Cybersecurity Insiders has learned that the researchers found the security flaws by using a technique called as Fuzzing- where huge quantities of data are induced into an application to track down the abnormalities in the output- which then helps security experts analyze any potential bugs.

Note 2- Till date Fuzzing has been used to discover anomalies in desktop and server software. Now, it has been acting as a base point to find out flaws in the LTE mobile network protocol.

The KAIST Team has recently notified the 3GPP and GSMA- the industrial bodies behind LTE standard; about the flaws. Also, they also informed their research logs to the baseband chipset offering companies and the network equipment vendors.

And the highlight of this research is that the Fuzz tests worked with LTE connections before any cryptographic keys exchange took place. So, in the near future more such flaws can be discovered on a further note.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display