By now we’re all pretty familiar with LTE, including some of its more advanced implementations that offer boosted speeds. But what we’re not familiar with is how potentially malicious attackers can use LTE to snoop on your phone and potentially cause some damage and headache.
Up until now it hasn’t really been an issue, but a new LTE flaw would allow just that, and that’s bad news for your smartphone traffic.
The attack, called aLTEr, works by abusing the data link layer of an LTE network. An attacker would use a device in between a user and an actual LTE tower to take requests from the user then forward the data on to the LTE network with some information slightly changed. In this particular case, what would most likely happen is that the DNS server requests would be modified to return malicious sites to the user instead of whatever site they were originally requesting.
In the video demonstrating the attack, the user would try to pull up Hotmail but would be redirected to a different IP address that looks like Hotmail but is actually a malicious site attempting to nab personal information. See the danger?
Now there’s no need to totally freak out just yet, since there are some strict limitations on how effective this kind of attack can be. The attacked would need to be within about a mile of the user they were targeting, and the equipment to pull this off isn’t cheap.
Unfortunately, there’s no way for LTE to be “patched” to fix this, so it’s incredibly important to pay attention to any sites that may be asking for any usernames or passwords. Make sure your browser isn’t giving off unsecure warnings and be sure to only put personal information into a site that you fully trust.
source: XDA Developers