Researchers have now found the weakness in LTE, they have discovered that attackers can hijack browsing session which redirects users to malicious websites and spy on their activity to find which websites they visit through LTE enabled device. LTE, short name for Long Term Evolution, a standard for mobile communication also known as 4G is used by millions of users across the globe. According to researchers, three methods of attacking the data link layer of LTE connection are possible, first two are passive attacks that perform identity mapping and website fingerprinting. The third attack is termed as ‘aLTEr’ by the researchers.
‘aLTEr’, an active attack, breach the data link layer of LTE. It allows the attackers to grab the browsing session of the users and also redirects network requests vis DNS spoofing. Researchers say that the attack in not integrity based so it is impossible to differentiate between ‘aLTEr’ and areal user. ‘aLTEr’ pretends to be real user it wants to attack by creating cell tower. The fake cell tower can take requests from the users and pass the request to real cell towers. But before passing the request, it alters the bits of the encrypted packet, The attackers, later decode the packet and again encrypt it with a new DNS and redirect it to malicious websites.
‘aLTEr’ has limitations, it requires a setup worth $4000 and the device must be within a 1-mile radius of the attacker. So conducting this active attack is not an easy task but it is also real fact that ‘aLTEr’ is a useful technique for attackers with all the necessary equipment. However, one can safeguard from the attack by using ‘HTTPS’. Always remember to check the secure text mentioned near the address bar and avoid trusting a website labeled as “Not Secure” by your browser.
