美女科技黑客视频(顶级黑客视频)

黑帽SEOhacker2022-08-28 19:30:201211A⁺A^-

　　【新朋友】点击标题下面蓝字「皮鲁安全之家」关注　　【老朋友】点击右上角，分享或收藏本页精彩内容　　【公众号】搜索公众号：皮鲁安全之家，或者ID ：piluwill

来源：

http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/?mt=1477622851624

RuxconHacker Wanqiao Zhang of Chinese security house Qihoo 360 has blown holes in 4G LTE networks by detailing how to intercept and make calls, send text messages and even force phones offline.

The still-live vulnerabilities were hacking confab in Melbourne, Australia, this weekend, including a demonstration of recording a call on a live network. To do this, an attacker must exploit fall-back mechanisms designed to ensure continuity of phone services in the event of overloads.

The team tested their work against Frequency Division Duplexing (FDD) LTE networks, which are more popular than Time Division Duplexing (TDD) LTE and are used in Britain, the US, and Australia. The competing TDD-LTE design is more common in Asian countries and in regions where population densities are higher.

展开全文

Zhang conducted further tests after The Registerinquired whether the attacks would work against TDD-LTE and found all LTE networks and devices are affected.

"I asked my colleagues to test TDD-LTE yesterday and it works well, so it really can work against all LTE devices," Zhang said. "This attack exists [and] it's still reasonable."

To exploit the LTE network, an attacker exchanges a series of messages between malicious base stations and targeted phones. This results in miscreants gaining a man-in-the-middle position from where they can listen to calls or read SMS, or force phones back to 2G GSM mode where any voice and basic data services can be intercepted.

From the presentation ... An LTE attack flow

Zhang said the attacks are possible because LTE networks allow users to be handed over to underused base stations to ensure connectivity during big emergencies such as natural disasters.

“You can create a denial of service attack against cellphones by forcing phones into fake networks with no services,” Zhang told the conference.

“You can make malicious calls and SMS and … eavesdrop on all voice and data traffic.”

美女科技黑客视频(顶级黑客视频)

The 3GPP telco body that oversees has known about the security shortcomings since at least 2006 when it issued a document describing Zhang’s forced handover attack, and accepts it as a risk. The 3GPP’s SA WG3 working group which handles security of LTE and other networks proposed in a May meeting that it would refuse-one-way authentication and drop encryption downgrade requests from base stations.

Three of the fail-over emergency features can be abused for specific attacks, Zhang says; global roaming features allow IMSI capture, battery energy saving for denial of service, and load balancing for redirection.

Zhang uses Ravishankar Borgaonkar, and Altaf Shaik’s with a femtocell to pull off the over-the-air meddling. A series of radio resource control protocol messages using the international mobile subscriber identity (IMSI) numbers captured in the IMSI catcher can be used to trigger a denial of service, place calls and send texts, or intercept communications.

Zhang modified code from the alpha-grade open-source project to track network availability updates in the area, which is critical to successfully pulling off the attacks.

She says phone manufacturers should ignore base station redirection commands and instead use automatic searchers to find the best available. This would prevent attackers from forcing LTE devices to connect to malicious stations.

A warning message about security risks could suffice as a cheaper and less effective fix. ®

根据国外信息安全媒体的最新报道，来自奇虎360独角兽团队的中国美女黑客张婉桥在4G LTE通信网络中发现了安全漏洞，并且在Ruxcon黑客大会上向全世界展示了如何拦截LTE通信网络中的语音通信和短信消息。除此之外，攻击者甚至还可以利用这个漏洞来迫使目标手机失去信号。

大会报道

在本周末举办于澳大利亚墨尔本的Ruxcon黑客大会上，安全研究专家们对目前各类系统中存在的安全漏洞进行了详细地探讨。在此次大会上，来自中国的安全研究专家还向外界演示了将手机从LTE网络降级到可窃听信息的2G伪基站的攻击过程。为了实现这种攻击，攻击者必须利用通信系统中的重定向机制，而这个机制可以在通信系统出现过载的情况下保证保证用户正常地接入基站。

根据安全研究专家透露的信息，他们的团队对频分双工（FDD）LTE网络进行了测试。之所以选择对这种类型的网络进行测试，主要是因为在英国、美国和澳大利亚等地区，频分双工（FDD）LTE网络比时分双工（TDD）LTE网络要更受消费者的欢迎。实际上，TDD-LTE网络在亚洲国家和人口密度较大的地区使用得比较多。

为了弄清楚攻击者是否可以利用这些漏洞来对TDD-LTE网络进行攻击，同时也为了弄清楚是否所有的LTE网络和LTE设备都有安全风险，于是张婉桥又进行了大量的安全测试。

张婉桥在回复记者采访时说道：

“我们在参会前同时也对TDD-LTE网络进行了安全测试，发现我们的攻击方法对TDD-LTE网络同样奏效。所以我们可以推断，所有类型的LTE设备都将有可能受到这种攻击的影响。”

在对LTE网络实施攻击时，攻击者可以通过在恶意基站和目标手机之间信令的交互来迫使手机落入他们预先设定好的伪基站中。一旦手机信号落入2G伪基站中，他们就可以通过中间人的攻击方式来监听手机通话与短信消息了。需要引起注意的是，在2G模式下，目前的技术是可以将手机的所有数据流量进行劫持分析的。

张婉桥表示，这种攻击方式之所以能够奏效，主要是因为在类似自然灾害等重大突发事件发生时，LTE网络会将用户的通讯信号转移至其他空闲的或可用的基站，并以此来保障用户的正常通信。

张婉桥在大会上说到：

“在进行重定向攻击之前你还可以对手机进行DOS攻击，让手机掉入无服务状态而不自知，并且这种状况通过重启手机才可以恢复，单单通过飞行模式切换都是无效的。并且这三种漏洞的存在也是合理的：由于手机需要全球漫游服务，使得获取手机身份标识的IMSI码攻击成为可能，而由于手机需要在没有基站服务的情况下自动进入省电模式，使得DOS攻击有了实现的可能。最后，又由于基站系统需要均衡系统的负载情况，使得重定向攻击有机可乘。”

美女科技黑客视频(顶级黑客视频)