Never miss a story

Get subscribed to our newsletter


×
An attacker can upload secret company documents and to network operators or law enforcement authorities, it would look as if the victim is the perpetrator. Pixabay

Researchers have found a serious vulnerability in LTE/4G mobile communication standard that can help hackers impersonate other phone users, take a streaming service subscription at your expense or publish secret company documents under someone else’s identity.

The vulnerability — which affects virtually all mobile phones, tablets and some connected household appliances — may also hamper investigations of law enforcement agencies because attackers can not only make purchases in the victim’s name but can also access websites using the victim’s identity.


For example, an attacker can upload secret company documents and to network operators or law enforcement authorities, it would look as if the victim is the perpetrator, said researchers from Ruhr-Universitat Bochum public university.

“An attacker can book services, for example stream shows, but the owner of the attacked phone would have to pay for them,” said Professor Thorsten Holz from Horst Gortz Institute for IT Security.

Only changing the hardware design would mitigate the threat. The team is attempting to close the security gap in the latest mobile communication standard 5G, which is currently rolled out.

“Mobile network operators would have to accept higher costs, as the additional protection generates more data during the transmission. In addition, all mobile phones would have to be replaced and the base station expanded. That is something that will not happen in the near future,” said David Rupprecht.

The problem is the lack of integrity protection: data packets are transmitted encrypted between the mobile phone and the base station, which protects the data against eavesdropping.

However, it is possible to modify the exchanged data packets. “We don’t know what is where in the data packet, but we can trigger errors by changing bits from 0 to 1 or from 1 to 0,” said Rupprecht. By provoking such errors in the encrypted data packets, the researchers can make a mobile phone and the base station decrypt or encrypt messages.


Researchers have found a serious vulnerability in LTE/4G mobile communication standard that can help hackers impersonate other phone users, take a streaming service subscription at your expense or publish secret company documents under someone else’s identity. Pixabay

They not only can convert the encrypted data traffic between the mobile phone and the base station into plain text, they can also send commands to the mobile phone, which are then encrypted and forwarded to the provider – such as a purchase command for a subscription.

The researchers from Bochum used so-called software-defined radios for the attacks. These devices enable them to relay the communication between mobile phone and base station. Thus, they trick the mobile phone to assume that the software-defined radio is the benign base station; to the real network, in turn, it looks as if the software-defined radio was the mobile phone.

ALSO READ: India’s Cooperation With Russia For AI Innovation May Reach Level of Strategic Sector Soon

For a successful attack, the attacker must be in the vicinity of the victim’s mobile phone, said the researchers. (IANS)


Popular

Unsplash

Feminism itself is nothing but a simple movement that pursues equal rights for women (including transwomen) and against misogyny both external and internal.

"In India, to be born as a man is a crime, to question a woman is an atrocious crime, and this all because of those women who keep suppressing men in the name of feminism."

Feminism, a worldwide movement that started to establish, define and defend equal rights for women in all sections- economically, politically, and socially. India, being a patriarchal society gives a gender advantage to the men in the society thus, Indian feminists sought to fight against the culture-specific issue for women in India. Feminism itself is nothing but a simple movement that pursues equal rights for women (including transwomen) and against misogyny both external and internal. It states nowhere that women should get more wages than men, that women deserve more respect than men, that's pseudo-feminism.

Keep Reading Show less
wikimedia commons

Yakshi statue by Kanayi Kunjiraman at Malampuzha garden, Kerala

Kerala is a land of many good things. It has an abundance of nature, culture, art, and food. It is also a place of legend and myth, and is known for its popular folklore, the legend of Yakshi. This is not a popular tale outside the state, but it is common knowledge for travellers, especially those who fare through forests at night.

The legend of the yakshi is believed to be India's equivalent of the Romanian Dracula, except of course, the Yakshi is a female. Many Malayalis believe that the Yakshi wears a white saree and had long hair. She has a particular fragrance, which is believed to be the fragrance of the Indian devil-tree flowers. She seduces travellers with her beauty, and kills them brutally.

Keep Reading Show less
Pinterest

Ancient India not only made mentions of homosexuality but accepted it as well.


The LGBTQ+ acronym stands for Lesbian, Gay, Bisexual, Transgender, Queer, and others. In India LGBTQ+ community also include a specific social group, part religious cult, and part caste: the Hijras. They are culturally defined either as "neither men nor women" or as men who become women by adopting women's dress and behavior. Section 377 of the India Penal code that criminalized all sexual acts "against the order of nature" i.e. engaging in oral sex or anal sex along with other homosexual activities were against the law, ripping homosexual people off of their basic human rights. Thus, the Indian Supreme Court ruled a portion of Section 377 unconstitutional on 6th September 2018.

Keep reading... Show less