
IMP4Gt: attack on LTE

BRIAN




Fans of mobile communications and cellular networks, remember: phreakers do not live by SS7 alone. And if anyone thinks that phreaking will die off with the arrival of a new generation of communications, you are wrong.

Since 4G and later protocols use strong encryption algorithms, until recently it was almost impossible to obtain data from the communication channel without prior physical access to the device.
In practice, a successful attack on the cellular network required either physical access to the operator's resources (the security services of every normal state have this, and total recording of all conversations is carried out everywhere), or downgrading the communication channel to archaic standards (the effect of this technique could be seen, for example, in Crimea and Donbass, while Russian leaders were negotiating the installation of proper equipment on the communication channels). There are also portable hardware and software systems for wiretapping GSM (not LTE), which can be purchased for about $50k, but these systems will not help you hack 4G if that standard is forced in the handset settings, which all sensible people have been doing for a long time.

For those who want to "play with the possibilities" without paying $50k, plenty of suitable software is publicly available for attacking GSM using Software Defined Radio (SDR) devices such as HackRF. Of the ones I tested, gr-gsm is worth noting. There are other projects, and we will definitely return to the topic of SDR in general and phreaking in particular, next time with video. Let's talk about LTE. Last year, specialists from Korea, who used fuzzing as an attack vector, proved that LTE is vulnerable, in particular due to the lack of packet integrity checks. And quite recently, the people from the IMP4GT project (it can be googled) promised to demonstrate, in the near future, an exploit capable of performing the above attack. As a result, the authors write, it is possible to log in as another user and even get access to traffic. And that is a completely different matter.

So what can you do to avoid suffering from such attacks? It is as old as the world: you just need to use additional layers of encryption, for example a VPN, and force 4G on in the phone settings. The key element of IMP4GT attacks is software-defined radio (that is, to carry out an attack, the attacker must be close to the victim). Such a device is capable of intercepting signals between a mobile device and a base station and using them to deceive the smartphone by impersonating a base station or, conversely, to deceive the network by pretending to be the smartphone. As soon as the communication channel is compromised, manipulation of the data packets that circulate between the device and the base station begins. “The problem is the lack of integrity protection: data packets between the mobile phone and the base station are encrypted, which protects the data from eavesdropping. However, it is possible to change these data packets. We do not know what is in the data packet, but we can provoke errors by changing the bits from 0 to 1 or from 1 to 0,” the experts say.

As a result, such bugs can force the mobile device and base station to decrypt or encrypt messages, convert information into plain text, or create a situation where an attacker can send commands without authorization.




These commands can be used to buy paid subscriptions or book services (with someone else paying the bill), but they can have more serious consequences. For example, an attacker can visit websites under someone else's identity and transmit information on behalf of someone else, thereby exposing other people. The authors of the study emphasize that IMP4GT attacks are dangerous for some 5G networks. The vulnerability can be addressed in 5G networks by introducing mandatory integrity protection on the user plane, but this will require considerable costs on the part of telecom operators (the additional protection will generate more data transmission, and base stations need changes), as well as the replacement of existing smartphones. The experts will present the problem at the NDSS Symposium 2020, which will soon be held in San Diego.
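The integrity gap the researchers describe, shown as an added example that is not part of the original post: with encryption alone, bit changes made to the ciphertext in transit come out as the same bit changes in the decrypted data, while a packet that also carries an integrity tag is rejected. The SHA-256 keystream, HMAC tag, keys, counter and payload are constructed stand-ins for illustration, not the algorithms LTE actually uses.

```python
import hashlib
import hmac

TAG_LEN = 8  # constructed tag length for this sketch

def keystream(key: bytes, count: int, length: int) -> bytes:
    """Toy counter-mode keystream built from SHA-256 (stand-in cipher)."""
    out, block = b"", 0
    while len(out) < length:
        seed = key + count.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key: bytes, count: int, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return xor(data, keystream(key, count, len(data)))

def _tag(mac_key: bytes, count: int, ct: bytes) -> bytes:
    msg = count.to_bytes(4, "big") + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:TAG_LEN]

def protect(enc_key, mac_key, count, plaintext):
    """Encrypt, then append an integrity tag over counter and ciphertext."""
    ct = crypt(enc_key, count, plaintext)
    return ct + _tag(mac_key, count, ct)

def unprotect(enc_key, mac_key, count, packet):
    """Return the plaintext, or None when the integrity check fails."""
    ct, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, count, ct)):
        return None
    return crypt(enc_key, count, ct)

def flip_bits(packet: bytes, offset: int, delta: bytes) -> bytes:
    """Model an in-transit change made without knowing any key."""
    mod = bytearray(packet)
    for i, d in enumerate(delta):
        mod[offset + i] ^= d
    return bytes(mod)

def demo():
    enc_key, mac_key, count = b"constructed-enc-key", b"constructed-mac-key", 7
    plaintext, delta = b"constructed user-plane payload", b"\x01\x00\x80"
    # Encryption only: the receiver decrypts altered data without noticing.
    altered = crypt(enc_key, count, flip_bits(crypt(enc_key, count, plaintext), 5, delta))
    # Encryption plus integrity tag: the same change is detected and dropped.
    packet = protect(enc_key, mac_key, count, plaintext)
    verdict = unprotect(enc_key, mac_key, count, flip_bits(packet, 5, delta))
    return plaintext, altered, verdict
```
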
 