Category: hacker news

Breaking LTE on Layer Two

The technical characteristics of the aLTEr attack are comparable to IMSI catchers, as in both cases the attacker simulates a malicious network towards the victim. Nevertheless, we find two general differences. First, the aLTEr relay actively sends data to the mobile network and acts as a Man-in-the-Middle attacker that modifies packet contents. Second, classical IMSI-catching attacks try to identify and localize the victim. In the aLTEr attack, we redirect DNS packets to perform DNS spoofing and then hijack network connections. Sumber: Hacker...

Read More

New 4G LTE Network Attacks Let Hackers Spy, Track, Spoof and Spam

Security researchers have discovered a set of severe vulnerabilities in 4G LTE protocol that could be exploited to spy on user phone calls and text messages, send fake emergency alerts, spoof location of the device and even knock devices entirely offline. A new research paper [PDF] recently published by researchers at Purdue University and the University of Iowa details 10 new cyber attacks against the 4G LTE wireless data communications technology for mobile devices and data terminals. The attacks exploit design weaknesses in three key protocol procedures of the 4G LTE network known as attach, detach, and paging. Unlike...

Read More

Researchers Uncover New Attacks Against LTE Network Protocol

If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely. A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on users’ cellular networks, modify the contents of their communications, and even can re-route them to malicious or phishing websites. LTE, or Long Term Evolution, is the latest mobile telephony standard used by billions of people designed to bring many security improvements over the predecessor standard known as Global System for Mobile...

Read More

Typeform, Popular Online Survey Software, Suffers Data Breach

Typeform, the popular Spanish-based online data collection company specializes in form building and online surveys for businesses worldwide, has today disclosed that the company has suffered a data breach that exposed partial data of its some users. The company identified the breach on June 27th, and then quickly performed a full forensic investigation of the incident to identify the source of the breach. According to the company, some unknown attackers managed to gain unauthorized access to its servers and downloaded a partial data backups for surveys conducted before May 3rd 2018. Typeform confirmed that it patched the issue within...

Read More

RAMpage Attack Explained—Exploiting RowHammer On Android Again!

A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kind of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices. Dubbed RAMpage, the new technique (CVE-2018-9442) could re-enable an unprivileged Android app running on the victim’s device to take advantage from the previously disclosed Drammer attack, a variant of DRAM Rowhammer hardware vulnerability for Android devices, in an attempt to gain root privileges on the target device. You might have already read a few articles about RAMpage on the Internet or even the research paper, but...

Read More