Researchers from Ruhr-Universität Bochum and New York University Abu Dhabi have recently discovered three types of attacks against devices using the Long-Term Evolution (LTE) network protocol that cyber criminals can use to steal your data. The research team has dubbed the attacks “aLTEr”. With LTE (a form of 4G) as a standard in the mobile communications industry, many of its users can be affected by these new attacks. However, according to the researchers, the effort required to carry out these attacks is so high that they will most likely only target people of special interest, such as politicians or high-level management of corporations.
aLTEr attacks can be either passive or active in nature. The passive attacks are considered passive because they do not directly interfere with network connections. Instead, the cyber criminals use a tool to eavesdrop on the activities of the user. This means that they can monitor your internet activities, collect information on your habits on the internet, and use it to their advantage.
An active attack, on the other hand, makes use of the man-in-the-middle method. Through the vulnerability found within the data layers, attackers are able to intercept your traffic with the network. They are able to fool the network into thinking that they are the user and vice versa, so that they can redirect you to a malicious website rather than the intended destination and try to steal your data or infect your device without you or the network knowing.
Although the researchers state that these vulnerabilities will not affect the majority of LTE users, there are still those at risk. The researchers have recommended the following steps you can take to prevent these attacks:
- Update the specification. A specification update means that the implementation of all devices must be changed, which leads to a high financial and organizational effort. This is likely not feasible in practice.
- Correct HTTPS configuration. Using correct parameters for HTTPS (especially HTTP Strict Transport Security (HSTS)) helps to prevent the redirection to a malicious website. It can act as an additional layer of protection.
- Virtual Private Network (VPN). Using a VPN tunnel with integrity protection and endpoint authentication helps to prevent the attack. The VPN tunnel acts, similar to HTTPS, as an additional security layer.
For those interested in an extra layer of defense against attacks like aLTEr, Cisco Umbrella and Cisco AMP for Endpoints are the solutions you are looking for. Cisco Umbrella acts as your first layer of defense, as it protects your endpoints from downloading malicious requests such as phishing attempts or infected websites trying to download in the background. For threats that can’t be blocked by Umbrella, such as files downloaded by the user outside of the Umbrella network, there is Cisco AMP for Endpoints. Cisco AMP for Endpoints can block malware using global data analytics, perform exploit prevention, use machine learning, perform rootkit scanning, and has a built-in antivirus engine.
To learn more about aLTEr attacks you may read up on the official website here. To learn more about Cisco Umbrella and Cisco AMP for Endpoints, you may call us at 893-9515 for more information!