Newly discovered vulnerability can let hackers impersonate LTE mobile device users, researchers say

February 19, 2020, 2:22 AM UTC

German researchers have found a new vulnerability on 4G/LTE mobile devices that could allow hackers to impersonate the phone’s owner. 

The bad news: Hackers can run up users’ bills, upload illegal documents under users’ identities, and even intercept unencrypted internet traffic—all due to a gap that’s built into all devices that use LTE service. The good news is that it’s highly unlikely an average user will fall victim to this kind of crime, given the complexity of the hack.

“The attacker needs to be highly-skilled and in close proximity to the victim,” says Maya Levine, security engineer at security software provider Check Point. “The average person is not going to be affected by this, but a single target of high interest could be targeted.”

Researchers at Ruhr-Universität Bochum in Germany discovered the crack in the system. The team, comprising Thorsten Holz from the Horst Görtz Institute for IT Security, David Rupprecht, Katharina Kohls, and Christina Pöpper, is expected to present its findings next week at the Network Distributed System Security Symposium in San Diego.

Here’s how hackers exploit the vulnerability: When an LTE mobile phone user moves around, the nearest cell tower sends a signal to his or her device. An attacker would have to be in the same area as the intended victim to fool the cell tower and have the technical expertise to pose as the original user to send and receive the LTE signals. 

The attacker could then run up a person’s bill by making international calls or using premium services offered by the victim’s provider, like subscribing to a TV package, said Mark Nunnikhoven, vice president of cloud research for cybersecurity firm Trend Micro. Hackers can also collect unencrypted information sent to the victim.

“This attack happens at such a low level that all the activities we’re used to doing—Facebook, email, messages are encrypted,” Nunnikhoven says. “The normal activities are very unlikely to be impacted by this.”

The most likely targets of this kind of hack would be high-net-worth individuals or specific targets who may have large quantities of sensitive information, the researchers say. Even then, the chances that a hacker would get much useful information are still slim, given that most digital activities are encrypted.

But the vulnerability could pose a problem for network providers and law enforcement agencies, both of which would have a difficult time verifying whether a specific user did the activities their device suggests they did. 

“The carrier could say I received a request for this service, and I billed you,” says Darren Shou, head of technology at NortonLifeLock. “And the user would say It wasn’t me, it was an evil twin. What repudiation would exist?”

Though the new discovery doesn’t provide any reason for the average LTE user to panic, it does remind consumers, providers, and technologists of the need to continuously improve their security practices.

The LTE vulnerability is not something a user has any control over, but there are things users can control. For example, frequently making sure their passwords have been changed, being cognizant of what links they are clicking on, and freezing banking accounts when there’s suspicious activity are best practices for thwarting hackers. 

“A healthy dose of paranoia when it comes to what you’re receiving is important,” Levine says. 

For technologists, news of the LTE hack reinforces how important encryption is, as hackers continue to find new ways to steal valuable data.

While the LTE hack is not an immediate, massive threat today, the new findings could be more troublesome in the near future.

“What we’ve seen is the combination of vulnerabilities, that when you combine one with something else, has bigger advantages,” Nunnikhoven says. “There could be problems down the road if another one complements this.”
