Recently, researchers have uncovered new attacks against the Long-Term Evolution (LTE) network protocol. LTE, a type of 4G network, is a mobile communications standard used by billions of devices around the world.

Security researchers from Ruhr-Universität Bochum and New York University Abu Dhabi discovered three new attacks against LTE technology. The first two are passive attacks — identity mapping and website fingerprinting. These allow the attacker to listen in on not only the destinations that are visited from the target’s mobile device, but also on what data is passing over the network. The third is an active domain name system (DNS) redirect attack, referred to as “aLTEr” by the research team. It allows the attacker to perform man-in-the-middle attacks to intercept communications and redirect the victim to malicious websites using DNS spoofing.

How does the attack work?

This attack works by taking advantage of a design flaw within the LTE network — the data link layer (or layer 2) of the LTE network is encrypted with AES-CTR but it is not integrity-protected. This means an attacker can modify the bits even within an encrypted data packet, which later decrypts to a related plaintext. As a result, the attacker is posing as a cell tower to the victim, while pretending to be a subscriber to the real network.

These types of attacks are not only limited to LTE networks. 5G networks may also be vulnerable to these attacks in the future, in the event that carriers do not implement the optional authenticated encryption feature.

How can you protect against these types of attacks?

The best way to protect against DNS spoofing attacks is to encrypt DNS queries, and only use trusted DNS resolvers. We’ve partnered with Apple to deliver the deepest level of visibility and control, including DNS encryption, for enterprise-owned iOS devices with the Cisco Security Connector application.

The Cisco Security Connector app protects users from connecting to malicious destinations in the first place. It leverages security intelligence to first classify the requested domain, and then determines if the request should be allowed — for safe destinations, or blocked — for malicious destinations. Users and mobile devices are protected regardless of location, whether on cellular networks, such as LTE, corporate networks, or public Wi-Fi. The Cisco Security Connector encrypts DNS queries and sends them to Cisco Umbrella for resolution. Encryption prevents DNS hijacking, while Umbrella’s industry leading intelligence blocks connections to malicious destinations, so you can protect your users anywhere they go.

Visit www.cisco.com/go/csc to learn more and start a free trial of Umbrella to get protected today.


Casey Ulaky

Product Marketing Manager

Security Product Marketing