Time to be Conscious About 4G Downgrade Attack

Reading Time: 6 minutes

Have you ever pondered what does 4G really mean? Why is it beneficial to you? What are the security flaws in it? How can it be misused by cyber terrorists to create panic attacks? How can you, as an end user, be affected by its inherent vulnerabilities? Well, let us discuss some of the critical flaws of 4G technology in this column, recently exposed by a group of reputed US-based scientists. Reetwika, an expert on cybersecurity, cautions us, giving invaluable tips, in the weekly column. A Different Truths exclusive.

There are loud buzzes all around the world about lucrative 4G offers by telecom device manufacturers and mobile network operators. But have you ever pondered what does 4G really mean? Why is it beneficial to you? What are the security flaws in it? How can it be misused by cyber terrorists to create panic attacks? How can you, as an end user, be affected by its inherent vulnerabilities? Well, let us discuss some of the critical flaws of 4G technology in this column, recently exposed by a group of reputed US-based scientists.

As you might be already knowing, 4G stands for ‘4th Generation’ telephony, which was introduced lately in 2011 announcing a huge leap from its age-old ancestors. It promises to provide ultra-broadband (gigabit speed) network access in mobility solutions through Internet Protocol (IP) based networks. Its earlier version was called 3G which enabled multimedia support in due course of its evolution from orthodox digital (2G) and analog (1G) telecommunications.

Due to the state-of-the-art technology, 4G has several advantages over its precursors of which high-speed internet tops the list. But as they say, with every high-tech boom, there come a thousand banes and 4G technology to is not spared from this curse. Of late, it has been proved that 4G is susceptible to various cyber attacks due to its very own ultra-modern technicality and Downgrade Attack is the most common which all of us must have faced at least once in last 6 months.

There are three facets of telecommunication – privacy, integrity, and availability of your data in transit over the network. If any of these aspects are compromised at any point in time, it’s called a service downgrade and if this phenomenon is purposely caused by an intruder, it’s termed as a Downgrade Attack. 4G cyberattacks are mostly aimed at the network rather than your personal device and by downgrading the subscribers, attackers can circumvent authentications at insecure base stations. Let me explain this little more in details.

Suppose, you are using a 4G enabled device with a 4G SIM of a reputed mobile network service provider. To make a call or login to your email using that 4G SIM, your device first sends an IP packet (connection request) to your 4G service provider, then your mobile network operator diverts it to their nearest geo tower (base station), authenticates your credentials (SIM) and accepts or rejects the connection based on the verification result. If accepted, your call or internet session gets connected.

But that’s an ideal scenario. How about a case where your base station supports only up to 3G requests? Will you still be able to enjoy 4G benefits? Unfortunately, no. In such cases, it is highly likely that your 4G connection will be automatically downgraded to a 3G or 2G state. In rare cases, if the base station is not properly hardened with appropriate 4G security protocols, it may still go through but without any verification. In either case, it affects the overall security risk of the subscriber, i.e. you. 

Let me ask you a very simple question. During an ongoing call or internet session have you ever experienced a sudden call drop or decreased internet speed due to network unavailability or poor connectivity? If yes, it could be due to a Downgrade Attack.

There might be a man-in-the-middle who was eavesdropping your 4G telecommunication channel, just waiting for an active call or session to get established. The moment you authenticate yourself, he forces into the data tunnel, hijacks your existing connection and himself impersonates as the legitimate user. At this condition, you (the authenticated user) face network issues (ex: call drop, lower speed, weak connectivity, server jam, denial of service etc) while the attacker enjoys all the 4G fun.

They can even alter the geotag of your device and create a false alibi of his location while committing the crime. Upon investigation, his original location will be masked behind your SIM’s coordinates, device’s IMEI and user credentials. In a nutshell, you lose privacy, integrity, and availability of your data present in the network. Earlier this was not possible with 3G and older generations because a Downgrade Attack is only likely if data is transferred over a telecommunication channel as an IP packet and not via digital or analog transmissions.

However, that does not mean all network issues are due to Downgrade Attacks. There might be other reasons too like real technical snags, weather conditions, hardware issues, peak loads etc. So, don’t get panicked if you face 4G downgrades with your service provider. However, there is nothing like taking precautions at your end. Though agreed, in case of a Downgrade Attack, there is nothing much you could do on the face, but a conscious user can avoid further losses. Here are my simple tips which you may find handy next time: 

  1. Delete all the cookies, browsing history and other saved files from your device’s cache memory and retry setting up the connection. If it’s not a Downgrade Attack, you will notice a speed improvement.
  1. Do not save your passwords in the devices, especially if it is 4G enabled. It makes the task easier for the attackers to steal and impersonate.
  1. Do not save your credit and/or debit card’s sensitive information in your 4G enabled device or SIM. It could be easily sniffed while connected to a 4G network.
  1. Do not use refresh or back button in the middle of an authentication session. Rather, exit completely if it gets stalled in between. This will prevent session hijacking by any middleman.
  1. If there is a network degradation in the middle of a call or internet browsing session, try to disconnect it by logging out. It will instantly end the session even if hijacked.
  1. Always keep your devices updated with latest security patches to repair any existing hardware, firmware, OS and application vulnerabilities.
  1. Prefer not to save sensitive information in your 4G SIM like contact numbers, photos, personal documents etc. If your connection is compromised, you lose all privacy.
  1. While upgrading your existing SIM to a 4G connection, be sure to delete all your stored records from the old chip before handing it over to the operator executive.
  1. In case of any theft, report immediately to your mobile network service provider with your device’s IMEI. 4G SIMs can be tracked faster by the cyber experts.
  1. Finally, do not get pranked by any fake calls in the name of mobile operators especially if they offer you hard-to-believe kind of 4G benefits with a hurry like lifetime free internet only for today, unlimited downloads at Re. 1 valid for next 30 minutes, zero international roaming only for you, winner of $10 million in a lucky draw etc. and ask you to press any button on your device, valid OTP, ATM PIN, password etc. to immediately encash the offer. Do verify it with your mobile operator separately before you take any committable action.

 

©Reetwika Banerjee 

Photos from the Internet

#4GDowngradeAttack #ATMPIN #4G #3G #SIM #Hacking #CyberCrime #DifferentTruths

Reetwika Banerjee is a Cyber Security Expert presently associated with a US consulting giant. She holds international MBA degree in Information System & Security and aims to be the face of women in security. During leisure hours, she enjoys writing books, news columns, travel blogs and films. She holds 2 World Records and 3 National Records for devising three innovative concepts in Modern Literature. A native of Kolkata, she is now a resident of Bangalore.