chris - Fotolia
According to recent research, there are serious 4G vulnerabilities that affect mobile users. What are these 4G vulnerabilities? How should enterprises protect their employees who use affected mobile devices for work?
Lax or absent protection mechanisms in 4G networks can enable an attacker to intercept sensitive information, like the user's Mobile Station International Subscriber Directory Number and International Mobile Subscriber Identity. This information can help attackers discover where and when the targeted subscribers use their mobile devices.
These man-in-the-middle attacks are performed to access and read encrypted emails, text messages and browsing history. None of the calls the victim makes on voice over LTE are immune to eavesdropping.
Positive Technologies researchers pointed out that the cause of 4G vulnerabilities is that the industry deliberately chooses to prioritize improving network delays and data processing speeds over security. Processor and other hardware limitations of mobile devices when connected to 4G are most likely the deciding factor.
To protect data from unauthorized access, the researchers recommend network administrators analyze the security of the mobile network for suspicious behavior and update network security settings due to legitimate changes in the network. The researchers also advise using special instruments for monitoring, analyzing and filtering messages across network boundaries.
To avoid 4G vulnerabilities, employees should be required, as part of the BYOD policy, to register their personal devices in the enterprise's mobile device management server. In collaboration with the network administrator, the server administrator can remotely encrypt emails and text messages on registered devices and immediately shut down devices that have been hacked. Also, all the passwords used on the registered mobile devices must be approved or supplied by the server administrator.
Not all device operating systems are supported by the same mobile device management (MDM) software provider. For example, an enterprise could use MDM software that supports Apple iOS, Google Android and Windows Phone, but not the BlackBerry 10 operating system, barcode scanners and wristwatches.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Wireless network security
Related Q&A from Judith Myerson
New speculative execution vulnerabilities have been found affecting Intel processors. Learn how these flaws can lead to side-channel attacks with ... Continue Reading
Qihoo 360 Netlab researchers found that TZSP traffic was being redirected from vulnerable routers. Learn what this type of traffic is and how this ... Continue Reading
Researchers from Positive Technologies found flaws affecting NCR ATMs. Discover how these ATM vulnerabilities work and how a patch can mitigate this ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.