4G mobile calls still open to eavesdroppers
Armour Communications, a provider of specialist secure communications platforms, explains in a paper published today, entitled "Is someone listening in on your confidential calls?", how the latest 4G network fails to solve the problem of electronic eavesdropping. Calls carrying firms’ intellectual property (IP) and commercially sensitive information can still be listened in on by perpetrators using an IMSI catcher, despite the new security measures and stronger encryption used by the 4G network. This type of hack can be set up with equipment that is highly portable and costs less than £1000.
A rogue base station attracts mobiles by offering a stronger signal, and once connected forces the mobile back to 2G technology, where encryption is negligible and easily bypassed. This attack was demonstrated recently at the Ruxcon Security Conference, in Melbourne.
Andy Lilly, director and co-founder of Armour Communications, commented: “Given the many years of experience and the huge investment in time to develop the specification for the 4G network, it has been assumed that it would be much better at protecting privacy. While it is to some degree, 4G does not solve the issue of potential IMSI catcher style attacks, leaving commercial and public sector/government organisations vulnerable.”
Unlike 2G/GSM, 4G enforces mutual authentication between the handset and the network base station, but it still requires the mobile to transmit its International Mobile Subscriber Identity (IMSI) at least once in order to connect. Also, because 4G coverage is not ubiquitous, a fraudulent base station can trick handsets into downgrading to 2G, meaning any communication (voice, text or attachment) can be compromised.
Andy Lilly added: “There is currently a proliferation of free apps and services that claim to be secure and encrypted; however, organisations should be careful about using such services. These services are not explicit about exactly what is encrypted and therefore there can be gaps that the user is unaware of. Furthermore, companies should not rely on services over which they have no control – for example the carrier service in some countries – in order to protect commercially sensitive information on which the success of their business depends.”