LTE vulnerability lets ghost telephonists hijack your phone: research

Image credit: Burhan Bunardi / Shutterstock.com

ITEM: Researchers from Chinese security company 360 Technology say they’ve found a vulnerability in LTE networks that enables bad guys to hack your smartphone and take over your phone number.

According to Cnet, 360 Technology’s “Unicorn Team” – presenting at the recent Black Hat security conference in Las Vegas – said they had found a way to hack into phones when they drop from an LTE network to a 2G network during a voice call:

The hack works because of the way your phone rushes to keep a connection running when it switches between network technologies, said Lin Huang, one of the researchers on the team.

Typically, when a phone wants to connect to a wireless network, it needs to send an authentication codes that identify it as the correct phone using your number, the researchers said.

But, when a phone switches between slower and faster technologies, it skips that authentication step, Huang’s team found, in order to keep your connection as stable as possible.

The consequence is that a hacker can gain access to your smartphone and use it to send voice calls and SMS using your phone number.

Like this:

Note that the hacker and victim don’t have to be using the same network, according to the above demo.

Unicorn Team calls it a “Ghost Telephonist” attack – an apropos name in part because all of this is invisible to the victim.

The hack is particularly dangerous because more people these days use their phone number as a security token for online accounts. Unicorn Team made the point by demonstrating how a hacker could use the attack to find the victim’s Facebook account and change their password.

The research team says they have notified the GSMA of the vulnerability (as well as the operators whose networks they used for the demo), noting that the only fix – apart from keeping your phone in airplane mode all the time – is for operators to fix the authentication process for 4G/2G fallback.

It's only fair to share...Tweet about this on TwitterShare on LinkedInShare on FacebookPin on PinterestDigg thisShare on Google+Share on RedditEmail this to someone
John C. Tanner
About John C. Tanner 248 Articles

John Tanner has been covering the Asia-Pacific telecoms industry since 1996. He has two degrees in telecommunications, and worked for six years in the US radio industry in various technical and advisory capacities, covering radio and satellite equipment maintenance, studio networking, news writing and production, the latter of which earned him several regional and national awards.

Be the first to comment

What do you think?