LTE vulnerability lets ghost telephonists hijack your phone: research

Image credit: Burhan Bunardi /

ITEM: Researchers from Chinese security company 360 Technology say they’ve found a vulnerability in LTE networks that enables bad guys to hack your smartphone and take over your phone number.

According to Cnet, 360 Technology’s “Unicorn Team” – presenting at the recent Black Hat security conference in Las Vegas – said they had found a way to hack into phones when they drop from an LTE network to a 2G network during a voice call:

The hack works because of the way your phone rushes to keep a connection running when it switches between network technologies, said Lin Huang, one of the researchers on the team.

Typically, when a phone wants to connect to a wireless network, it needs to send an authentication codes that identify it as the correct phone using your number, the researchers said.

But, when a phone switches between slower and faster technologies, it skips that authentication step, Huang’s team found, in order to keep your connection as stable as possible.

The consequence is that a hacker can gain access to your smartphone and use it to send voice calls and SMS using your phone number.

Like this:

Note that the hacker and victim don’t have to be using the same network, according to the above demo.

Unicorn Team calls it a “Ghost Telephonist” attack – an apropos name in part because all of this is invisible to the victim.

The hack is particularly dangerous because more people these days use their phone number as a security token for online accounts. Unicorn Team made the point by demonstrating how a hacker could use the attack to find the victim’s Facebook account and change their password.

The research team says they have notified the GSMA of the vulnerability (as well as the operators whose networks they used for the demo), noting that the only fix – apart from keeping your phone in airplane mode all the time – is for operators to fix the authentication process for 4G/2G fallback.

Be the first to comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.