Home page logo
/

nanog logo nanog mailing list archives

Re: 4g hack
From: Joakim Aronius <joakim () aronius se>
Date: Thu, 11 Aug 2011 10:02:03 +0200

* Christopher Morrow (morrowc.lists () gmail com) wrote:
On Thu, Aug 11, 2011 at 2:32 AM, Charles N Wyble
<charles () knownelement com> wrote:
http://seclists.org/fulldisclosure/2011/Aug/76

Wondering what folks think about this? If this was true then we just
entered a whole new era of mass WAN exploitation.


This isn't really all that new is it? haven't people been able to buy
3g/pcs/etc antennae and such off ebay for a while and intercept
conversations/data/etc for a long time? GSM was 'hacked' (decrypted
via some rainbow tables) several years ago as well.

If you ship it over the air and there isn't a reasonable encryption
scheme in place, don't you expect it to be seen?

GSM and GPRS are vulnerable to MitM due to lack of two factor authentication etc. WCDMA (3G) and LTE (4G) should be 
safe as they have much better security. Not sure about 3GPP2 (CDMA) or WiMAX systems, perhaps early version of CDMA has 
similar problems as GSM. But saying that '4G' is vulnerable is a pretty broad statement as it consists of at least LTE 
and WiMAX, and some US operators also refer to their WCDMA HSPA as 4G. There is also a difference between 'the standard 
has security flaws' and 'the operator has deployed an insecure network' as operators might run their network with 
security features turned off.

Anyway, the paranoid should turn of GSM and run WCDMA instead.

/Joakim 


  By Date           By Thread  

Current thread:
  • 4g hack Charles N Wyble (Aug 11)
    • Re: 4g hack Christopher Morrow (Aug 11)
      • Re: 4g hack Joakim Aronius (Aug 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]