
Six New Vulnerabilities Found in DIR-865L Model of D-Link Routers


Over the last few months the cyber world has witnessed an alarming spike in the number of malicious attacks, widely seen as a direct result of more and more people working from home. As organizations face unprecedented cybersecurity challenges, it has become even more crucial for users to keep their networks updated and therefore secured.

The DIR-865L model of D-Link routers, designed for monitoring a home network from anywhere, was found to contain the following six vulnerabilities:

1. CVE-2020-13782 [Improper Neutralization of Special Elements used in a Command (Command Injection)]: A backend engine known as cgibin.exe controls the web interface of this router; attackers can inject arbitrary commands that are executed with administrative privileges.

2. CVE-2020-13786 [Cross-Site Request Forgery (CSRF)]: Threat actors can intercept data from password-protected sections by capturing network traffic; many pages of the router's web interface are vulnerable to this flaw.

3. CVE-2020-13785 (Inadequate Encryption Strength): Attackers can learn a user's password through an offline brute-force attack, based on information that the router sends to the client when the user logs into the SharePort Web Access portal on port 8181.

4. CVE-2020-13784 (Predictable Seed in Pseudo-Random Number Generator): By exploiting this vulnerability, the attackers can deduce the information required to perform CSRF attacks even if the router is encrypting session information using HTTPS.

5. CVE-2020-13783 (Cleartext Storage of Sensitive Information): To acquire the admin password stored in the tools_admin.php page, an attacker needs physical access to a logged-on machine, as the credentials sent over the wire are not in the clear. Once the attacker has that access, the password can be read from the HTML source of the page.

6. CVE-2020-13787 (Cleartext Transmission of Sensitive Information): Attackers capturing network traffic can obtain the password of the guest Wi-Fi network when it is configured with the 'Wired Equivalent Privacy' (WEP) option.

These six vulnerabilities, newly discovered by Palo Alto Networks' Unit 42 researchers in the D-Link DIR-865L home wireless router, can be exploited in combination to run arbitrary commands, delete information, upload malware, exfiltrate data, intercept communications and illicitly obtain user credentials.
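Why a predictable seed undermines anti-CSRF session tokens, as an added example (not D-Link's firmware code, whose token scheme the post does not describe): a hypothetical generator seeded from the login time sits beside a hardened one, and a check shows that the weak token can be regenerated from a rough guess of when it was issued.

```python
import random
import secrets

def weak_session_token(seed_time: int) -> str:
    """Hypothetical token scheme seeded only from the login time; constructed here to
    illustrate the predictable-seed weakness class named for CVE-2020-13784."""
    rng = random.Random(seed_time)             # a seed an observer can estimate
    return "%08x" % rng.getrandbits(32)

def strong_session_token() -> str:
    """Hardened form: draw the token from the OS CSPRNG, which has no guessable seed."""
    return secrets.token_hex(16)

def token_is_reproducible(token: str, approx_time: int, window: int = 60) -> bool:
    """Defender's check: can a token be regenerated from a coarse guess of when it was
    issued? Tries every seed within +/- window seconds of approx_time."""
    return any(weak_session_token(t) == token
               for t in range(approx_time - window, approx_time + window + 1))

if __name__ == "__main__":
    issued_at = 1591900000                     # constructed login timestamp
    weak, strong = weak_session_token(issued_at), strong_session_token()
    print("weak token recoverable:  ", token_is_reproducible(weak, issued_at + 17))   # True
    print("strong token recoverable:", token_is_reproducible(strong, issued_at + 17)) # False
```

Under HTTPS the token is hidden from an eavesdropper, but that does not help when anyone can regenerate it from the approximate login time.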

To stay protected against session hijacking attacks, users are advised to default all traffic to HTTPS and to keep the router on the latest firmware version containing the fixes, which can be found on D-Link's website. The website also provides a 'how-to' tutorial for changing the time zone on the router, so that users can further defend themselves against possible malicious attacks.

LTE vulnerabilities could allow eavesdropping


New vulnerabilities have been discovered in the 4G network used by smartphones. South Korean researchers found 36 new flaws using a technique called 'fuzzing'.

It turns out that our mobile networks may not be the safest. As LTE gets ready to make way for 5G, researchers have discovered several flaws in the Long-Term Evolution (LTE) standard, which could allow an attacker to intercept data traffic or spoof SMS messages.

The 4G LTE standard has vulnerabilities that could allow a hacker to intercept data being transferred over the networks. Although plenty of research on LTE security vulnerabilities has been published in the past, what's different about this study is the scale of the flaws identified and the way in which the researchers found them.

Researchers at the Korea Advanced Institute of Science and Technology (KAIST) have discovered 51 vulnerabilities in the 4G LTE standard, comprising 15 known issues and 36 new, previously undiscovered flaws.

LTE, although widely used around the world and commonly marketed as 4G, isn't technically 4G; it can be more accurately described as 3.95G.

Given the widespread use of LTE, the latest findings have massive implications and clearly show wireless networks that consumers often take for granted aren't foolproof.

In their research paper [PDF], the researchers claim to have found vulnerabilities enabling attackers to eavesdrop and access user data traffic, distribute spoofed text messages, interrupt communications between base station and phones, block calls, disconnect users from the network and also access as well as manipulate data that is being transferred. The researchers are planning to present these at the IEEE Symposium on Security and Privacy in May.

“LTEFuzz successfully identified 15 previously disclosed vulnerabilities and 36 new vulnerabilities in design and implementation among the different carriers and device vendors. The findings were categorized into five vulnerability types. We also demonstrated several attacks that can be used for denying various LTE services, sending phishing messages, and eavesdropping/manipulating data traffic. We performed root cause analysis of the identified problems by reviewing the related standard and interviewing collaborators of the carriers,” said the researchers in the report.

New security flaws in 4G and 5G




Security researchers have found three new security flaws in 4G and 5G, which could be exploited to intercept the phone calls and track the location of a cell phone.

The discovery of the flaws is seen as a major setback for both 4G and the new 5G technology, which is much faster and has better security, particularly against the cell-site simulators used by law enforcement, known as “stingrays.”

“Any person with a little knowledge of cellular paging protocols can carry out this attack,” Syed Rafiul Hussain, one of the co-authors of the paper, said in an email interview with TechCrunch.

The team comprises Syed Rafiul Hussain, Ninghui Li and Elisa Bertino from Purdue University, and Mitziu Echeverria and Omar Chowdhury from the University of Iowa. They revealed their findings at the Network and Distributed System Security Symposium in San Diego on Tuesday.

The paper details the attacks that could be implemented. The first is "Torpedo, which exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through. The researchers found that several phone calls placed and canceled in a short period can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim’s location. Knowing the victim’s paging occasion also lets an attacker hijack the paging channel and inject or deny paging messages, by spoofing messages like Amber alerts or blocking messages altogether," as reported by TechCrunch.

According to security experts, most of the operators in the US, including AT&T, Verizon, Sprint and T-Mobile, are affected by Torpedo, and the attacks can be carried out with radio equipment costing as little as $200.

4G Network Is Under Attack!




Yesterday a team of academics published a research paper describing three attacks against the mobile communication standard LTE (Long Term Evolution), otherwise known as the 4G network.

According to the researchers, two of the three attacks are 'passive', meaning they allow an attacker to gather meta-information about the user's activity and, in addition, to determine which sites a user visits through his LTE device. The third, by contrast, is an active attack that gives the attacker the ability to manipulate data sent to the user's LTE device.

The researchers nicknamed the active attack aLTEr in view of its intrusive capabilities, which they used in their experiments to redirect users to malicious sites by altering DNS packets.
In any case, the researchers said that regular users have nothing to fear for now, as carrying out any of the three attacks requires very specialised and costly hardware, along with custom software, which for the most part puts this kind of attack out of the reach of most cyber criminals.

"We conducted the attacks in an experimental setup in our lab that depends on special hardware and a controlled environment," researchers said. "These requirements are, at the moment, hard to meet in real LTE networks. However, with some engineering effort, our attacks can also be performed in the wild."

The equipment needed to pull off such attacks is essentially the same as the so-called "IMSI catchers" or "Stingray" devices, equipment used by law enforcement around the globe to trick a target's phone into connecting to a fake telecommunications tower.

The difference between an aLTEr attack and a classic IMSI catcher is that IMSI catchers perform a 'passive' MitM attack to determine the target's geographic location, while aLTEr can actually alter what the user views on his/her device.

As for the technical details of the three attacks, the three vulnerabilities exist in one of the two LTE layers, the data layer, which transports the user's actual data. The other layer is the control layer, which controls and keeps the user's 4G connection running.

According to the researchers, the vulnerabilities exist because the data layer isn't secured, so an attacker can capture, modify and then forward the altered packets to the actual cell tower.
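An added example (not the researchers' code or a real LTE stack) of why an unsecured data layer lets a relay alter packets in transit: it assumes, as a simplification, that the layer encrypts with a stream cipher but attaches no integrity tag, and contrasts that with an encrypt-then-MAC form that rejects the altered packet. The keystream, packet layout, keys and addresses are all constructed for the demonstration.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream (SHA-256 blocks), a stand-in for the user-plane
    stream cipher: it shares the property that flipping a ciphertext bit flips the plaintext bit."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:   # decrypt is the same XOR
    return xor(data, keystream(key, nonce, len(data)))
def build_packet(dst_ip: str, payload: bytes) -> bytes:
    """Constructed user-plane packet: 4-byte destination IP, then payload."""
    return bytes(int(o) for o in dst_ip.split(".")) + payload
def destination_of(packet: bytes) -> str:
    return ".".join(str(b) for b in packet[:4])

def relay_modify_destination(ct: bytes, known_ip: str, new_ip: str) -> bytes:
    """What a relay between phone and tower can do when packets carry no integrity
    tag: XOR the destination field with (known_ip XOR new_ip), touching nothing else."""
    delta = xor(build_packet(known_ip, b""), build_packet(new_ip, b""))
    return xor(ct[:4], delta) + ct[4:]

def seal(key: bytes, mac_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Hardened form: encrypt, then append an HMAC over nonce and ciphertext."""
    ct = encrypt(key, nonce, data)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key: bytes, mac_key: bytes, nonce: bytes, blob: bytes):
    """Returns the plaintext, or None if the tag does not verify (tampering detected)."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return encrypt(key, nonce, ct)

def demo(protected: bool):
    key, mac_key, nonce = b"k" * 32, b"m" * 32, b"n" * 8          # constructed keys
    pkt = build_packet("198.51.100.1", b"DNS query")               # documentation-range IPs
    if not protected:                                              # encryption only
        tampered = relay_modify_destination(encrypt(key, nonce, pkt), "198.51.100.1", "203.0.113.9")
        return destination_of(encrypt(key, nonce, tampered))       # tower sees "203.0.113.9"
    tampered = relay_modify_destination(seal(key, mac_key, nonce, pkt), "198.51.100.1", "203.0.113.9")
    return open_sealed(key, mac_key, nonce, tampered)              # None: packet rejected
```

The relay never learns the key; it only needs to know where the destination field sits and what it normally contains, which is why an integrity tag, not stronger encryption, is the fix.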
The research team, made up of three researchers from the Ruhr-University in Bochum, Germany and a specialist from New York University, says it has warned the relevant institutions, such as the GSM Association (GSMA) and the 3rd Generation Partnership Project (3GPP), as well as the telephone companies, about the issues it found.

They cautioned that the issue could likewise affect the upcoming 5G standard in its present form. The experts said that the 5G standard incorporates extra security features to prevent aLTEr attacks; however, these are currently optional.

The research team has published its findings in a research paper entitled "Breaking LTE on Layer Two," which it intends to present at the 2019 IEEE Symposium on Security and Privacy, to be held in May 2019 in San Francisco.

Below is a link to a demo of an aLTEr attack recorded by the researchers.