Researchers Find New Security Flaws in LTE protocol
South Korean researchers apply fuzzing techniques to the LTE protocol and find 51 vulnerabilities, of which 36 were new.
Researchers from South Korea have identified 36 brand new vulnerabilities in the Long-Term Evolution (LTE) standard used by thousands of mobile networks and hundreds of millions of users across the globe.
The vulnerabilities allow attackers to disrupt mobile base stations, block incoming calls to a device, disconnect users from the operator's mobile network, send bogus SMS messages, and eavesdrop on and manipulate users' data traffic.
They were discovered by a four-person research team from the Korea Advanced Institute of Science and Technology Constitution (KAIST), and documented in a research paper they intend to present at the IEEE Symposium on Security and Privacy in late May 2019.
The Korean researchers said they found 51 LTE vulnerabilities, of which 36 are new and 15 were first identified by other research groups in the past. They discovered this sheer number of flaws by using a technique known as fuzzing, a code testing method that inputs a large quantity of random data into an application and analyzes the output for abnormalities, which, in turn, give developers a hint about the presence of possible bugs. Fuzzing has been used for years, but mainly with desktop and server software, and very rarely for everything else.
The KAIST team said it notified both the 3GPP (the industry body behind the LTE standard) and the GSMA (the industry body that represents mobile operators), as well as the corresponding baseband chipset vendors and network equipment vendors on whose hardware they performed the LTEFuzz tests.
Because the flaws reside in both the protocol itself and how some vendors have implemented LTE in their devices, researchers believe many other flaws still exist in the real world. According to researchers from France, Germany and Finland, the issue is not limited to LTE: it is also partly present in 5G, alongside a new 5G-AKA vulnerability.
Researchers also looked deeper into the 5G-AKA protocol and found numerous other security issues, despite 3GPP and mobile telecommunications providers claiming that security would be at the top of their mind when designing 5G. The research papers are available here: [Paper-1, Paper-2, Paper-3].