According to recent research, there are serious 4G vulnerabilities that affect mobile users. What are these 4G...
vulnerabilities? How should enterprises protect their employees who use affected mobile devices for work?
Lax or absent protection mechanisms in 4G networks can enable an attacker to intercept sensitive information, like the user's Mobile Station International Subscriber Directory Number and International Mobile Subscriber Identity. This information can help attackers discover where and when the targeted subscribers use their mobile devices.
These man-in-the-middle attacks are performed to access and read encrypted emails, text messages and browsing history. None of the calls the victim makes on voice over LTE are immune to eavesdropping.
Positive Technologies researchers pointed out that the cause of 4G vulnerabilities is that the industry deliberately chooses to prioritize improving network delays and data processing speeds over security. Processor and other hardware limitations of mobile devices when connected to 4G are most likely the deciding factor.
To protect data from unauthorized access, the researchers recommend network administrators analyze the security of the mobile network for suspicious behavior and update network security settings due to legitimate changes in the network. The researchers also advise using special instruments for monitoring, analyzing and filtering messages across network boundaries.
To avoid 4G vulnerabilities, employees should be required, as part of the BYOD policy, to register their personal devices in the enterprise's mobile device management server. In collaboration with the network administrator, the server administrator can remotely encrypt emails and text messages on registered devices and immediately shut down devices that have been hacked. Also, all the passwords used on the registered mobile devices must be approved or supplied by the server administrator.
Not all device operating systems are supported by the same mobile device management (MDM) software provider. For example, an enterprise could use MDM software that supports Apple iOS, Google Android and Windows Phone, but not the BlackBerry 10 operating system, barcode scanners and wristwatches.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Wireless network security
Related Q&A from Judith Myerson
Air-gapped computers subject to PowerHammer attack: Proof-of-concept attack enables data exfiltration through control of current flow over power ... Continue Reading
Bastille researchers created the SirenJack proof of concept to show how a vulnerability could put San Francisco's emergency warning system at risk. ... Continue Reading
A QR code vulnerability was recently discovered in the Apple iOS 11 camera app. Learn how an attacker could exploit it and how to avoid the issue ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.