According to recent research, there are serious 4G vulnerabilities that affect mobile users. What are these 4G...
vulnerabilities? How should enterprises protect their employees who use affected mobile devices for work?
Lax or absent protection mechanisms in 4G networks can enable an attacker to intercept sensitive information, like the user's Mobile Station International Subscriber Directory Number and International Mobile Subscriber Identity. This information can help attackers discover where and when the targeted subscribers use their mobile devices.
These man-in-the-middle attacks are performed to access and read encrypted emails, text messages and browsing history. None of the calls the victim makes on voice over LTE are immune to eavesdropping.
Positive Technologies researchers pointed out that the cause of 4G vulnerabilities is that the industry deliberately chooses to prioritize improving network delays and data processing speeds over security. Processor and other hardware limitations of mobile devices when connected to 4G are most likely the deciding factor.
To protect data from unauthorized access, the researchers recommend network administrators analyze the security of the mobile network for suspicious behavior and update network security settings due to legitimate changes in the network. The researchers also advise using special instruments for monitoring, analyzing and filtering messages across network boundaries.
To avoid 4G vulnerabilities, employees should be required, as part of the BYOD policy, to register their personal devices in the enterprise's mobile device management server. In collaboration with the network administrator, the server administrator can remotely encrypt emails and text messages on registered devices and immediately shut down devices that have been hacked. Also, all the passwords used on the registered mobile devices must be approved or supplied by the server administrator.
Not all device operating systems are supported by the same mobile device management (MDM) software provider. For example, an enterprise could use MDM software that supports Apple iOS, Google Android and Windows Phone, but not the BlackBerry 10 operating system, barcode scanners and wristwatches.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Wireless network security
Related Q&A from Judith Myerson
A previously disclosed flaw found in Broadcom's Wi-Fi controller chips is now believed to affect the Lenovo ThinkPad. Learn how this vulnerability ... Continue Reading
Multiple Border Gateway Protocol vulnerabilities were found impacting security in the Quagga routing software. Expert Judith Myerson explains how ... Continue Reading
ICS-CERT issued a warning about a new vulnerability in Nortek Linear eMerge E3 products. Discover what this vulnerability is and how it affects ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.