University Crest

[wlug] Researchers Find 36 New Security Flaws In LTE Protocol

 
wlug archive index About the wlug list Mailing lists home
To The University of Waikato HomepageWaikato Home > Waikato Mailing Lists > wlug Info > wlug archives
Peter Reutemann fracpete@w...
Fri Mar 29 11:01:39 NZDT 2019


'A group of academics from South Korea have identified 36 new
vulnerabilities in the Long-Term Evolution (LTE) standard used by
thousands of mobile networks and hundreds of millions of users across
the world. The vulnerabilities allow attackers to disrupt mobile base
stations, block incoming calls to a device, disconnect users from a
mobile network, send spoofed SMS messages, and eavesdrop and
manipulate user data traffic. They were discovered by a four-person
research team from the Korea Advanced Institute of Science and
Technology Constitution (KAIST), and documented in a research paper
they intend to present at the IEEE Symposium on Security and Privacy
in late May 2019.

The Korean researchers said they found 51 LTE vulnerabilities, of
which 36 are new, and 15 have been first identified by other research
groups in the past. They discovered this sheer number of flaws by
using a technique known as fuzzing --a code testing method that inputs
a large quantity of random data into an application and analyzes the
output for abnormalities, which, in turn, give developers a hint about
the presence of possible bugs. The resulting vulnerabilities, see
image below or this Google Docs sheet, were located in both the design
and implementation of the LTE standard among the different carriers
and device vendors. The KAIST team said it notified both the 3GPP
(industry body behind LTE standard) and the GSMA (industry body that
represents mobile operators), but also the corresponding baseband
chipset vendors and network equipment vendors on whose hardware they
performed the LTEFuzz tests.'

-- source: https://it.slashdot.org/story/19/03/28/2035257

Cheers, Peter
-- 
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/


More information about the wlug mailing list
NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.

The University of Waikato - Te Whare Wananga o Waikato