4G LTE Security Flaws- potential false emergency alerts

["Scott M. Robertson" <Scott.M.Robertson@kp.org>]

A security flaw which may be of interest to the emergency community.  Particularly the point about false emergency alerts.

 

4G LTE Security Flaws

(March 2 & 5, 2018)
 

Vulnerabilities in the 4G LTE wireless telecommunications standard could be exploited to send phony emergency alert messages to mobile phones and launch at least nine other attacks. Researchers from Purdue University and the University of Iowa have published a paper describing tool they have developed to detect these security issues.

 

Editor's Note

[Neely]
Some of the security in LTE depends on security by obscurity, including temporary random unique identifiers which turned out to be neither temporary or random. Expect carriers to jump on remedying that oversight.

Read more in:
- www.zdnet.com: New LTE attacks can snoop on messages, track locations and spoof emergency alerts

- www.cyberscoop.com: Researchers uncover 4G LTE exploits that can be used to spy, spoof and cause panic

- arstechnica.com: LTE security flaws could be used for spying, spreading chaos

- www.scmagazine.com: Researchers: LTE vulnerabilities enable attackers to disrupt service, send fake emergency alerts

- assets.documentcloud.org: LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE

 

 

 

Scott M Robertson, PharmD, RPh, FHL7

Principal Technology Consultant

Health IT Strategy & Policy

 

Kaiser Permanente Information Technology
Technology Risk Office | Office of the CTRO
tro.kp.org

Pasadena / Torrance, CA

310-200-0231 (office)

scott.m.robertson@kp.org

kp.org/thrive

 

NOTICE TO RECIPIENT:  If you are not the intended recipient of this e-mail, you are prohibited from sharing, copying, or otherwise using or disclosing its contents.  If you have received this e-mail in error, please notify the sender immediately by reply e-mail and permanently delete this e-mail and any attachments without reading, forwarding or saving them.  Thank you.