Researchers at an Abu Dhabi university revealed details about a set of vulnerabilities in the information transfer mechanism that underlies modern telephone networks. According to the report, threat actors can exploit these flaws to deploy denial of service (DoS) and man-in-the-middle (MitM) attacks using a few pieces of hardware.

Experts Evangelos Bitsikas and Christina Pöpper mention that these failures can occur in all kinds of scenarios as long as some general conditions are met. In addition, the problems are present in all generations of network infrastructure, from 2G to 5G.

Handover is the fundamental mechanism in any modern cellular network implementation, and is described as the process of transferring a subscriber during a call or data transfer session from one base station to another. Handover plays a critical role in establishing cellular communications, especially when the user is on the move.

Generally speaking, the process starts with the user’s device sending signal strength data to the network, which determines whether a handover is needed and, if so, facilitates the switch when a more suitable base station is found. Although signal strength reports are encrypted, their content is not verified, so threat actors could force a device to connect to a base station under their control.

The attack starts from the premise that the original base station cannot process incorrect values in the signal strength report, which increases the likelihood of a malicious handover.

The disadvantage for threat actors is that, before initiating an attack, they must perform detailed reconnaissance of the target, using a smartphone specially designed to collect data from nearby base stations. Attackers must then force the victim’s device to connect to the fake base station by transmitting the blocks of service information needed to help the phone connect to the network.

During the experiment, the researchers found that all the devices tested (OnePlus 6, Apple iPhone 5, Samsung S10 5G and Huawei Pro P40 5G) are vulnerable to DoS and MitM attacks, so they believe further research is needed to determine how feasible exploitation of these flaws is on a wide scale.


The post New critical vulnerabilities discovered in 2G, 3G, 4G, LTE & 5G networks appeared first on Information Security Newspaper | Hacking News.

