Multiple new vulnerabilities in 4G networks may cause server crashes (paper attached)

US researchers recently discovered 10 new vulnerabilities in 4G LTE networks that could be used by attackers to send fake messages to groups and possibly paralyze servers. The researchers called on relevant parties to work together to plug these vulnerabilities.

LTE is short for "Long Term Evolution" and is a type of 4G network technology. Purdue University in the United States recently announced that researchers from the university and their counterparts at the University of Iowa used a tool called "LTE Inspector" to discover these vulnerabilities in 4G LTE networks. The researchers said that this tool can systematically analyze the processes of "connection", "disconnection" and "paging" in 4G LTE networks for the first time.

[[222895]]

Researchers said that these vulnerabilities can be used to launch various forms of attacks, such as hijacking the target device's paging channel, sending fake emergency messages to a large number of devices, forcing devices to perform certain operations to drain their batteries, and blocking the device's connection to the core network. In addition, these vulnerabilities can also allow attackers to access the core network without authentication, and launch a "denial of service attack" after obtaining user address information, causing the server to crash.

The researchers tested eight of the 10 new vulnerabilities, proving that fixing them is not easy. Patching existing systems without breaking backward compatibility is difficult to prevent attacks under extreme conditions. To solve the related problems, it may be necessary to readjust the overall architecture of the 4G LTE network.

The researchers called on equipment manufacturers and network providers to work together to update the entire system of 4G LTE networks to plug these vulnerabilities.

paper:

[[222896]]

[[222897]]

[[222898]]

[[222899]]

[[222900]]