Telecommunications operators are racing to roll out 4G networks across the country as data- and media-rich applications – alongside evolving user expectations – place an even greater premium on speed. But in the rush to expand coverage, it seems that some security fundamentals could be getting overlooked.
In a recent submission filed with the National Telecommunications and Information Administration (NTIA), researchers from Virginia Tech pointed to potentially alarming loopholes in 4G network security. According to MIT Technology Review, experts discovered no less than eight separate pain points which could be exploited to “jam” an LTE signal and – with sufficient power – disrupt the communications of an entire municipal network.
Jamming is by no means a new tactic, and it is actually rather low-tech. The underlying process entails using a transmitter to send a signal so strong, that anyone else attempting to utilize that given frequency is effectively blocked from the network. And as government officials develop plans to migrate emergency communications to these networks over the next few years, jamming could evolve from an annoying disturbance into something much more serious.
“It is very possible for radio jamming attacks to accompany a terrorist attack, for the purpose of preventing communications and increasing destruction,” the Virginia Tech researchers noted in the report. “Likewise, it is possible for criminal organizations to create mayhem among public safety personnel by jamming.”
A low barrier to entry
What makes 4G networks uniquely vulnerable, according to MIT Technology Review, is the fact that the entire fidelity of an LTE signal is dependent on control instructions that comprise just 1 percent of the overall signal. As a result, an attack that is relatively small in scope could still have a massive impact if appropriately directed.
What’s more, such an attack could likely be carried out with very limited technical expertise. As researchers suggested, the required tools could be procured for possibly as little as $650. By combining a specialized software-defined radio unit with a laptop computer and a redirected power source as simple as a car battery, attackers could hold the fate of a city’s 4G network in their hands.
While this is only a proof-of-concept demonstration, troubling questions still remain. How long would system restore and recovery operations take after such a strike? What other homecooked applications could criminals design to take down public utilities? Who should be involved in developing and enforcing layered security protocols?