Got An AT&T iPhone? It May Be Vulnerable To Cellular Hijacking

Got An AT&T iPhone? It May Be Vulnerable To Cellular Hijacking

... thanks to AT&T.

AT&T is one of 48 carriers worldwide which have a network vulnerability that allows hackers to intercept cellular data and inject malicious content into the traffic that passes between smartphones and the websites they visit. The flaw can be used to transfer code to unencrypted pages which causes a user to perform unintended actions, like sending messages or friend requests from Facebook and Twitter. And your iPhone may be vulnerable.

What’s most worrying is that the attack can also be used to redirect users to fraudulent banking websites. The vulnerability lies within certain firewalls used by certain cellular carriers, which, ironically, are intended to make data networks safer. Ars Technica explains:

While intended to make the networks safer, these firewall middleboxes allow hackers to infer TCP sequence numbers of data packets appended to each data packet, a disclosure that can be used to tamper with Internet connections.

The vulnerability was discovered by researchers from the University of Michigan’s Computer Science and Engineering Department, who detailed their findings in a research paper which will be presented at this week’s IEEE Symposium on Security and Privacy. The paper reads:

The TCP sequence number inference attack opens up a whole new set of attack venues. It breaks the common assumption that communication is relatively safe on encrypted/protected WiFi or cellular networks that encrypt the wireless traffic. In fact, since our attack does not rely on sniffing traffic, it works regardless of the access technology as long as no application-layer protection is enabled.

Attacks were tested on 150 unnamed carriers worldwide — 48 of which were found to be using the vulnerable firewall — with a selection of Android-powered smartphones from HTC, Motorola, and Samsung. However, Zhiyun Qian, one of the coauthors of the paper, told Ars that “there’s no reason to believe iOS devices from Apple can’t be hijacked as well.”

AT&T claims that “the report does not provide enough detail for us to confirm a conclusion,” however, it does promise to “take a look at the issues raised.”

The researchers have developed a whole range of attacks that work in different scenarios. One uses a malicious app installed on an Android device to intercept certain data packets and hijack connections and inject malicious content, while another uses intermediate routers to send data through a carrier network.

But one variation requires no malware whatsoever, and uses URL phishing to lure users onto malicious websites.

When certain conditions are met, the attack can replace the content of the site with arbitrary traffic, or if the user is logged in to the targeted site, can inject JavaScript into the pages that steals authentication cookies or performs actions on behalf of the victim.

The ingredient present in all of these attacks is a vulnerable firewall on the carrier network, which uses sequence numbers for connections the end user has made with other address on the Internet. These firewalls come from a variety of manufacturers, including Cisco, Juniper, and Check Point.

“They all build on top of the sequence number inference,” Qian said of the attacks. “Without the sequence number, all of these attacks would not be possible, so you can think of sequence number inference as a building block for all of these attacks.”

Qian believes all of the firewalls should be turned off, but notes that carriers may have their own reasons not to disable them.

  • PomsterSmoker

    The vulnerability obviously comes from telco’s choice of firewall and configuration options… having the article titled as “Got An AT&T iPhone? It May Be Vulnerable To Cellular Hijacking” and a BIG RED PWNED over an image of the iPhone just shows the desperation of the author to gain some clicks and readership to an otherwise poorly written and justified article… 

    The vulnerability obviously applies to all smartphones, regardless of manufacturer or model… 
  • technochick

    zero proof that an iPhone is vulnerable, particularly if not jailbroken. making this headline borderline FUD. 

    classy Killian, real classy. 
  • Lane Jasper

    #headlinefail

  • BurtTherese

    what Tammy said I’m amazed that a single mom can earn $6128 in four weeks on the internet. have you read this web site(Click on menu Home more information)  http://goo.gl/cpQHL


  • Seven Colour Gosips

    YEAH THIS ARTICLE IS VERY TRUE ,USEFUL THANKS FOR THE SMART VIEWS BUT I HAVE READ THIS ARTICLE AND FIND SOME MORE ASPECTS CHECK THIS http://sevencolourgossips.wordpress.com/2012/08/30/malware-flawcomputer-experts-warn-users-and-suggested-solution/

About the author

Killian BellKillian Bell is a staff writer based in the U.K. He has an interest in all things tech and also covers Android over at CultofAndroid.com. You can follow him on Twitter via @killianbell.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News, Top stories | Tagged: , , , , , , , , , , , |