chris - Fotolia
According to recent research, there are serious 4G vulnerabilities that affect mobile users. What are these 4G vulnerabilities? How should enterprises protect their employees who use affected mobile devices for work?
Lax or absent protection mechanisms in 4G networks can enable an attacker to intercept sensitive information, like the user's Mobile Station International Subscriber Directory Number and International Mobile Subscriber Identity. This information can help attackers discover where and when the targeted subscribers use their mobile devices.
These man-in-the-middle attacks are performed to access and read encrypted emails, text messages and browsing history. None of the calls the victim makes on voice over LTE are immune to eavesdropping.
Positive Technologies researchers pointed out that the cause of 4G vulnerabilities is that the industry deliberately chooses to prioritize improving network delays and data processing speeds over security. Processor and other hardware limitations of mobile devices when connected to 4G are most likely the deciding factor.
To protect data from unauthorized access, the researchers recommend network administrators analyze the security of the mobile network for suspicious behavior and update network security settings due to legitimate changes in the network. The researchers also advise using special instruments for monitoring, analyzing and filtering messages across network boundaries.
To avoid 4G vulnerabilities, employees should be required, as part of the BYOD policy, to register their personal devices in the enterprise's mobile device management server. In collaboration with the network administrator, the server administrator can remotely encrypt emails and text messages on registered devices and immediately shut down devices that have been hacked. Also, all the passwords used on the registered mobile devices must be approved or supplied by the server administrator.
Not all device operating systems are supported by the same mobile device management (MDM) software provider. For example, an enterprise could use MDM software that supports Apple iOS, Google Android and Windows Phone, but not the BlackBerry 10 operating system, barcode scanners and wristwatches.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Wireless network security
Related Q&A from Judith Myerson
An exploit code for Dirty COW was accidentally shipped by Cisco with product software. Learn how this code ended up in a software release and what ... Continue Reading
Cisco's Webex Meetings platform had to be re-patched after researchers found the first one was failing. Discover what went wrong with the first patch... Continue Reading
The TP-Link EAP Controller for Linux was recently found to be vulnerable to attacks. Learn from Judith Myerson what this means for users and how it ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.