Researchers have recently discovered a new security vulnerability affecting all 4G LTE networks. The so-called “aLTEr” attack could allow someone nearby to send your phone’s browser to a web site different than the one requested, impersonating your bank’s web site, for example. Similarly, it could trick an app into connecting to a different back-end service. aLTEr requires that the attacker use $4,000 equipment and be within about a mile of the victim, among other challenges. Although a successful attack is difficult, it could be used against high-value targets such as politicians, military personnel, journalists, employees of corporate rivals, etc. The flaw is inherent in the LTE standard and unlikely to be fixed. However, because aLTEr relies on DNS spoofing, it can be avoided by only using web sites and services that employ both HTTPS and DNSSEC. Currently, less than 1% of .com web sites employ DNSSEC, although many high-value sites do use it.
Write a comment