Researchers from Ruhr-Universitat Bochum (RUB) in Germany and New York University Abu Dhabi in the U.A.E. eavesdropped on cellphone calls by exploiting a security flaw in basestation implementations. The bug impacts the Voice over LTE (4G) standard used for nearly all cellphone calls not made through special messenger services.
To exploit the flaw, a hacker who called one of two people shortly after their conversation, and recorded the encrypted traffic from the same cell, would receive the same key that shielded the previous conversation. Tests of randomly chosen radio cells in Germany revealed that the vulnerability affected 80% of the cells. Manufacturers and phone providers subsequently updated the basestations' software to patch the bug.
The RUB team developed an application for Android devices to track down still-vulnerable radio cells, and report the information to the Global System for Mobile Communications Association.
From Ruhr-University Bochum
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA