4G loopholes cannot be plugged and 5G cannot be the savior

Two American universities have discovered a large number of new vulnerabilities in 4G LTE networks, which can trigger 10 types of attacks. Compared with the past, the author found that this is not the first time that vulnerabilities have been exposed in LTE networks. Industry experts believe that this problem can only be solved after 5G is launched, but the author believes that it will be difficult to solve even if 5G arrives.

[[221669]]

Protocol loopholes are fundamental

LTE is the long-term evolution of the technical standards for mobile communication systems developed by the 3GPP organization. Now, various communication technologies have evolved from different LTE systems, including 3G LTE, 4G LTE, VoLTE and LTE-Advanced. The long-term goal of LTE technology is to realize IP-based networks. Its interfaces are incompatible with 2G networks, but 3G, 4G and even 5G in the future can achieve smooth upgrades and technical compatibility. This compatibility not only improves user experience, but also includes the use of a large number of key technologies. For example, 4G OFDM, MIMO and other technologies may continue to be used in 5G networks, so the long-term evolution of LTE will become smoother.

But the problem is that after the cryptographic vulnerability was discovered last year, the 2G network that is incompatible with LTE has become more secure. Moreover, the long-term evolution of LTE has not only brought about technological upgrades, but also brought about vulnerability upgrades. For example, the technical vulnerability caused by VoLTE is likely to be an inevitable vulnerability upgrade after technological evolution.

4G addiction

At present, LTE technology has become an essential technology in the field of mobile communications, and the number of users has almost achieved full coverage. The 4G population coverage rate in my country has exceeded 99%. LTE has made Chinese users rely on data traffic. When LTE technology was launched, it was believed that it would be much faster and safer than its predecessors. However, with the release of 5G, LTE's speed has indeed exceeded 2G, but its security has not been satisfactory.

[[221670]]

4G has become popular and we are dependent on it, but it has also caused problems

The trouble is that LTE has been plagued by vulnerabilities, but there are few truly reliable solutions. The more users rely on it, the harder it is to plug the holes. The x86 vulnerability is still fresh in our memory. If LTE becomes the second x86 chip vulnerability, its impact will be even more far-reaching. Therefore, industry experts generally believe that only 5G can solve the problem and become the savior.

About the vulnerability

The new vulnerabilities found in 4G LTE may be used to simulate the identities of existing users to launch relay attacks. Although such attacks are not uncommon, they are very threatening. Once the vulnerabilities are exploited by attackers, user information may be stolen or intercepted, phone calls may be eavesdropped, network connections may be interrupted, devices may be offline, user locations may be locked, and false alarms may be issued. Researchers found that most of these attacks are caused by the lack of proper identity authentication, encryption, and protocol information playback protection. Moreover, anyone can launch attacks through the open source 4G LTE protocol software.

[[221671]]

Dangerous vulnerabilities are strikingly similar

In July last year, 4G LTE was also exposed to have dangerous vulnerabilities, which even affected 3G networks. At that time, researchers said that there were cryptographic vulnerabilities in the protocols used by 3G and 4G LTE, which allowed user devices to connect directly to operators, and attackers could monitor user behavior and track their geographic locations when consumers made calls or sent text messages. Although this vulnerability would not leak the content of calls and text messages, it had a wide range of impact, affecting almost all operators and most devices in the world.

Coincidentally, in 2015, the two major US operators were exposed to have serious vulnerabilities in the VoLTE technology they used, which could lead to user conversations being eavesdropped on, silent calls being made, and even the network being controlled, leading to DDoS attacks.

[[221672]]

5G is not the savior

5G network has not been launched yet, but it has caused a stir. The 5G standard is also formulated by 3GPP, and its speed will crush 4G LTE. Moreover, the 5G network, which has not yet been fully announced, has seen the existing 4G LTE loopholes, so it will definitely avoid these problems when it is formulated. But can this save the world?

According to the data released by the Ministry of Industry and Information Technology in January this year, 4G users account for nearly 70% of mobile users in my country. However, from a global perspective, there were 7.6 billion mobile devices connected to the Internet last year, of which only 1.9 billion were LTE. Despite the rapid growth, it is expected that the global market share of LTE users will only reach 53% by 2021. However, 5G will be commercially available in 2020, and it is not a good idea to expect the remaining 47% of users to jump directly from 3G to 5G.

[[221673]]

From this point of view, it takes a long transition period for users to accept new technologies. When 4G was just popularized in my country, there was even a situation where users switched back to 3G because the network traffic was used too quickly. The popularization of 5G will undoubtedly face similar problems. By then, 4G LTE will probably continue to play a leading role for a long time.

Today, the LTE network vulnerability has not yet erupted partly because of the efforts of operators and related technical personnel. On the other hand, it is also because the reliable means of attacking by exploiting the vulnerability have not yet been used by hackers. After all, the current attack cost of US$1,300 to US$3,900 can easily make the attacker lose more than the gain.

Conclusion

However, a vulnerability is a vulnerability, and giving attackers the opportunity to research the vulnerability for a long time is a situation that no user can bear.