As a wide section of people continue working from home, the hours spent on audio calls, video calls and messaging services have gone up exponentially. While this would have otherwise been usual statistic, a new report by Positive Technologies has revealed that ALL of the world’s 4G networks are susceptible to a critical flaw that can enable a malicious hacker to conduct a denial of service attacker, and use it to track user locations, intercept calls, gain access to telecom identifiers, and in turn, gain access to sensitive data that can lead to identity breaches and financial losses.
According to the report, the flaw lies with the Diameter signalling protocol of 4G networks, a system that is in place to authenticate and authorise the distribution of any information exchange over a 4G network. The vulnerability in the security standard of the Diameter signalling protocol means that a malicious cyber attacker can make repeated and targeted information queries, or ‘ping’ the cell towers, making it look like a heavy traffic inflow for a particular user. Once this is implemented, the attacker can then gain access to the network nodes, therefore becoming privy to a slew of sensitive information. Given that the threat is due to a fundamental part of the 4G network infrastructure, any non-standalone (NSA) 5G network built on existing 4G networks, such as the ones set to be deployed in India, would also be exposed to this flaw.
The range of information that can be stolen from pratically any user across the world are endless. These include the tracking of a user location from the nearest cell tower information (which can help attackers target them with adware), and also scrape user identifiers from their networks. This can be critical, since the attackers can then use this information to forge identities and then use the escalated privilege to conduct all sorts of cyber crime, including financial forgery, information theft and identity cloning.
While this is risky at any given point in time, it is even more critical right now, owing to the increased volume of phone calls, video calls and information exchanges over the internet. As the report overview by Positive Technologies states, “Remote work requires high-quality communication in order to work with colleagues, customers and clients, not to mention the demand for entertainment services as a pastime. Malicious actors may take advantage of the massive transition to remote work to compromise resources and steal data. Network traffic interception is a major risk.”
In order to safeguard yourself against such possible threats, you as a user are recommended to use end-to-end encrypted chat services as far as possible. Applications such as Signal and WhatsApp, the latter of which is putting increasing emphasis on safety, are relatively safer communication tools. Apart from these, try to set up multi-factor authentication for logging in to all of your financial resources, including a diverse set of verification questions and tricky answers to them, so as to prevent attackers from brute-forcing their way into accounts and networks.