Vulnerabilities in outdated wireless infrastructure a constant security risk

Reliable, safe wireless communications are a cornerstone of our society, and with LTE still being actively deployed all over the world, securing these technologies should be priority #1. Hackers, cybercriminals and intelligence agencies are constantly looking for new ways to access and leverage wireless communication for nefarious goals. Now it looks like a major vulnerability (known as far back as 2005) is being successfully leveraged by both law enforcement and hackers to compromise wireless communications in millions of smartphones.

The Vulnerability

Smartphones nowadays employ different communications technologies, mainly 2g/3g/4G (LTE),  to provide a layer of redundancy(fallback networks) and extend coverage. But easily exploitable vulnerabilities exist within 2g (edge) encryption technologies that allow hackers to decipher and compromise communications. Combine that with another vulnerability in 4g and 3g that allows fake-cell towers (I.E hackers using SDR’s- Software-defined radios) to force smartphones to fall back onto 2g technologies, and we’ve got a recipe for disaster.

This software-defined radio, a computer and ~50m proximity are all that a hacker needs to eavesdrop on your communications

The applications

Nowadays, most hackers can come up with the ~1000$ needed for the SDR, antennae’s and other components needed to build a fake-cell tower. With this and some software magic, hackers can come up with their homemade fake-cell tower. What can he do with it? Look no further than the highly-controversial stingray system employed by law-enforcement agencies in the United States, which has been exploiting this exact vulnerability.

Surveillance: The most likely use of this technology is hackers attempting to gain valuable information. Considering the stealthy-ness of this hack (at most you’d notice your signal changing from 4g to 2g on the status bar), its best used in a manner where the victim is not aware to keep gathering information unbeknownst.

Infiltration: By pushing malicious payload to a mobile device, hackers can gain complete access to the compromised device and proliferate malware/payloads on unassuming networks.

DoS: Denial of service is increasingly becoming a problem in this digital age. By denying service to smartphones in a particular vicinity, unpopular governments/regimes for example, can cut wireless communications to the outside world in a specific location while they are undertaking covert operations.

Solutions

Carriers rely on 2g networks to cover the vast territories that exist within the USA, as well as a fallback network in problematic areas. So eliminating 2g is out of the question from many still. Propositions have been made, but are looking be too difficult to deploy, requiring not only carrier network updates, but user device hardware updates as well. One promising option is for carriers to release an OTA SIM update to disable specific vulnerable encryptions in 2g, but there are issues plaguing this solution as well. Perhaps this is a sign that our networks must evolve at an even faster pace, with vulnerable legacy technologies quickly being remedied or retired.