OASIS Emergency Management TC

 View Only

4G LTE Security Flaws- potential false emergency alerts

  • 1.  4G LTE Security Flaws- potential false emergency alerts

    Posted 03-07-2018 02:29
    A security flaw which may be of interest to the emergency community.  Particularly the point about false emergency alerts.   4G LTE Security Flaws (March 2 & 5, 2018)   Vulnerabilities in the 4G LTE wireless telecommunications standard could be exploited to send phony emergency alert messages to mobile phones and launch at least nine other attacks. Researchers from Purdue University and the University of Iowa have published a paper describing tool they have developed to detect these security issues.   Editor's Note [ Neely ] Some of the security in LTE depends on security by obscurity, including temporary random unique identifiers which turned out to be neither temporary or random. Expect carriers to jump on remedying that oversight. Read more in: -   www.zdnet.com : New LTE attacks can snoop on messages, track locations and spoof emergency alerts -   www.cyberscoop.com : Researchers uncover 4G LTE exploits that can be used to spy, spoof and cause panic -   arstechnica.com : LTE security flaws could be used for spying, spreading chaos -   www.scmagazine.com : Researchers: LTE vulnerabilities enable attackers to disrupt service, send fake emergency alerts -   assets.documentcloud.org : LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE       Scott M Robertson, PharmD, RPh, FHL7 Principal Technology Consultant Health IT Strategy & Policy   Kaiser Permanente Information Technology Technology Risk Office Office of the CTRO tro.kp.org Pasadena / Torrance, CA 310-200-0231 (office) scott.m.robertson@kp.org kp.org/thrive   NOTICE TO RECIPIENT:   If you are not the intended recipient of this e-mail, you are prohibited from sharing, copying, or otherwise using or disclosing its contents.   If you have received this e-mail in error, please notify the sender immediately by reply e-mail and permanently delete this e-mail and any attachments without reading, forwarding or saving them.   Thank you.