Thursday, 27 February 2014

Is 4G putting your mobile at risk of hacking?

LTE covers a wider range of frequencies than slower 2G and 3G networks, and uses an open protocol, making it more susceptible to hackers and viruses
LTE covers a wider range of frequencies than slower 2G and 3G networks, and uses an open protocol, making it more susceptible to hackers and viruses

Almost every phone launched at this week's Mobile World Congress was sold on the promise of having super-fast speeds thanks to built-in LTE technology.
LTE, also known as 4G, officially launched in the UK last year, but it’s been growing in popularity globally for the past five years.
The technology covers a wider range of frequencies and has the potential to be up to 100 hundred times faster than slower 2G and 3G networks, but a software and security expert has told the MailOnline this increased speed comes at a price - security.
Both 2G and 3G networks were primarily designed for feature phones; for voice calls and texts, rather than data.
However, 4G was designed especially for sending and receiving data, making it more equipped for the job.  
Leonid Burakovsky, senior director of strategic solutions at F5 told the MailOnline that while this makes it faster, the methods taken to achieve these speeds also make it more vulnerable.
'What the industry has done with 4G/LTE is taken a self-contained telephone network, secured primarily by virtue of being separate from the internet, and then bolted-on internet capabilities which were never designed to prevent eavesdropping,' said Burakovsky.
Put simply, 3G networks use a protocol called SS7 to send signals, this protocol is notoriously difficult to penetrate.

LTE networks, on the other hand, use systems such as Diameter, an open protocol that sends signals based on the IP addresses of networks. This makes it faster, and can handle more traffic than SS7.
However, because this is an open protocol, it makes it easier to penetrate. It is also responsible for managing the data sent for billing and authentication. 
The majority of new handsets released worldwide have LTE technology built in that helps them connect to super-fast 4G networks, including the Samsung S5 unveiled on Monday, pictured. Experts have warned operators need to do more to protect users against attacks directed straight at these faster networks

SECURITY RISKS AND MOBILES

Research from F5 found security is among the top three features people use to choose a mobile operator, after pricing and network coverage.
Two thirds of respondents said security is more important to them than access to the latest devices.
But despite this, around half (49 per cent) admitted that they don’t know how to protect their phones from malicious threats. 
Mobile users are more than three times as likely to blame their mobile operators (35 per cent) for security breaches, than the providers of services such as Facebook, Gmail or banking apps (10 per cent)  or handset manufacturers (4 per cent).
More than half of consumers said they'd switch providers after a major data breach.
This means it’s easier to access, and carries highly-sensitive and personal information such as passwords, location data, network addresses and cryptographic keys.
‘LTE networks are inherently less secure than their 3G and 2G predecessors,' said Burakovsky.
'This can open mobile networks up to a greater number of very real threats, meaning the onus will be on mobile operators to increase their efforts to protect users, network and applications.'
‘The main security problem with 4G networks is that user information can become easily available to hackers via, for instance, ‘man-in-the-middle’ attacks, and hackers can compromise new services like mobile health or mobile commerce,’ continued Burakovsky.

Attackers can place themselves either between two unsuspecting victims, or between the user and the app, or even between two machines.
This gives the attackers full access to the data being sent over the network, and some hackers could even be able to control it.
Burakovsky added that the main problem is there's no protection between the phone and the network it’s connected to, and the core network controlled by the operator.
Networks do use secure systems, such as IPsec and TLS, to secure certain parts of the sensitive data, but F5 warned operators need to do more to protect users against attacks directed straight at the mobile network.
'There needs to be more understanding of the user, the network, the app, and what people are trying to do when using their mobile devices,' said Burakovsky.
'The message is clear: comprehensive multi-layer security should be an integral part of any LTE to deliver the level of security consistent with the many advantages of 4G - like lightning fast video downloads - that make up a great customer experience.'

No comments:

Post a Comment