
IMPersonation Attacks in 4G neTworks – IMP4GT

Greetings everyone,
Good to see you all again in another blog.
Today we will learn about something that we haven't heard much about.
Yes, let's discuss something we use in our daily life.
Most Indians are now active subscribers to the LTE mode of communication, for example JIO.

Let's talk about an attack, or risk, that exists in our infamous communication method.

IMP4GT (IMPersonation Attacks in 4G NeTworks) is an attack in which the attacker exploits the missing integrity protection and employs an additional attack mechanism to impersonate a user towards the network and vice versa.
Before learning the attack, let's learn something technical.

What is LTE?
Long Term Evolution (LTE) is a standard for wireless broadband communication for mobile devices and data terminals, based on the older GSM/EDGE and UMTS/HSPA technologies.
We use it because of its increased speed and capacity, which come from the use of a different radio interface together with core network improvements.
For more details you can visit Wikipedia anytime… Lol

What is Mutual Authentication?
Mutual authentication is also known as two-way authentication, i.e. two parties authenticating each other.
Usually the authentication is of two types:
1) Certificate based
2) Username-password based

Okay, let's get into the attack and see how it works. We are not going to simulate the attack here. It needs a full commercial network, where we would need to get connected to the LTE network. It is illegal to perform this kind of attack without proper consent from the authorities.

How Does This Attack Work?
The IMP4GT attack works by exploiting the missing integrity protection for user data, together with a mechanism of the mobile operating system's IP stack, to build an encryption and decryption oracle. Both help an attacker to inject arbitrary packets and to decrypt packets.
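
Why the missing integrity protection matters, as an added example that is not part of the original post: with encryption alone, ciphertext changed in transit still decrypts without any error, while an integrity tag lets the receiver reject it. The SHA-256 keystream, the HMAC tag, the keys and the sample packet are constructed stand-ins, not LTE algorithms or real traffic.

```python
import hashlib
import hmac

# Constructed keys and packet for illustration; not real LTE keys or traffic.
ENC_KEY, MAC_KEY, COUNT = b"enc-key-demo", b"mac-key-demo", 7
PACKET = b"dst=192.0.2.10;data=hello"

def keystream(key: bytes, count: int, length: int) -> bytes:
    """Toy counter-based keystream (stand-in for the real stream cipher)."""
    out, block = b"", 0
    while len(out) < length:
        seed = key + count.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key: bytes, count: int, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream, no integrity check."""
    return xor(data, keystream(key, count, len(data)))

def tag(mac_key: bytes, count: int, ciphertext: bytes) -> bytes:
    """Integrity tag over counter and ciphertext (HMAC as a stand-in)."""
    msg = count.to_bytes(4, "big") + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def receive(ciphertext: bytes, mac=None):
    """Receiver: with a tag, reject modified data; without one, accept anything."""
    if mac is not None and not hmac.compare_digest(mac, tag(MAC_KEY, COUNT, ciphertext)):
        return None
    return crypt(ENC_KEY, COUNT, ciphertext)

def modified_in_transit(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Bit flips on the wire: XORing old^new changes the plaintext predictably."""
    delta = xor(old, new)
    end = offset + len(delta)
    return ciphertext[:offset] + xor(ciphertext[offset:end], delta) + ciphertext[end:]

if __name__ == "__main__":
    ct = crypt(ENC_KEY, COUNT, PACKET)
    bad = modified_in_transit(ct, PACKET.index(b"10"), b"10", b"99")
    print("encryption only :", receive(bad))
    print("with integrity  :", receive(bad, tag(MAC_KEY, COUNT, ct)))
    print("untouched packet:", receive(ct, tag(MAC_KEY, COUNT, ct)))
```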

What are the Attack modes?
We know our communication works in the uplink and downlink directions.
1) In Uplink Impersonation, the attacker acts as the victim towards the network and can use arbitrary IP services (websites) with the identity of the victim. All the activity and traffic generated by the attacker happens under the victim's IP address.

2) Downlink Impersonation allows an attacker to create a TCP/IP connection to the phone that can bypass the firewalls of the LTE network, while the attacker is not able to break any security mechanism above the IP layer.

As of now, this LTE vulnerability affects the IPv4 addresses of most Android devices and the IPv6 addresses of iOS and Android devices.

The attack probability is very low, because it requires close proximity to the victim. The need for specialized hardware, a controlled protocol stack and other environmental conditions demands more engineering effort. Attackers mainly target politicians and other big fish with these kinds of attacks.

What Happens if the Attack Succeeds?
The attacker can impersonate the victim or the network, that is, he or she can send and receive IP packets with a stolen identity. Even though the attacker cannot steal any personal information, it is enough to use the traffic and identity to act maliciously in various criminal activities.
Law enforcement intervention will be needed to take action in such situations.

The early stages of 5G are also vulnerable to this attack vector.

It's good to know about the risks in what we use.
See you again in another interesting blog.
Bye bye

Author : Sam Nivethan V J
Security Analyst & Trainer

References: https://en.wikipedia.org/wiki/LTE_(telecommunication)
https://en.wikipedia.org/wiki/Mutual_authentication
https://alter-attack.net/
