At the Def Con conference earlier this month, a hacker carried out an MITM (man-in-the-middle) attack against a number of attendees’ cell phones, in what might be the first recorded breach of a 4G cellular network. The following week, researchers from the Massachusetts Institute of Technology presented a security scheme at the USENIX Security Symposium designed to let wireless devices establish connections while protecting them against exactly this sort of attack.
In this kind of MITM attack, the perpetrator transmits his own key at the same moment that two wireless devices are exchanging theirs to set up a connection, so that one or both of them pick up his key in place of the genuine one. If he succeeds, he fools one or both devices into thinking that his device is the one they were trying to reach, and from then on he can intercept any further transmissions from the fooled device(s). Until now, the best defenses against MITM attacks on this pairing step have been shared passwords and out-of-band channels such as infrared transmitters.
Researcher Nickolai Zeldovich says: “None of these solutions are quite satisfactory. The cool thing about this work is that it takes some insight from somewhat of a different field, from wireless communication — actually, fairly low-level details about what can happen in terms of wireless signals — and observes that, hey, if you assume some of these properties about wireless networks, you can actually get stronger guarantees.”
The MIT researchers’ solution makes it harder for an attacker to pass his device off as legitimate. Each real device follows the key it sends with a second transmission: a stream of bits derived from that key by a known mathematical operation (a cryptographic hash), sent as a pattern of signal-on and signal-off time slots. A device receiving a key checks that the pattern it hears matches the key it received. The scheme relies on a low-level property of radio: an attacker can add energy to the channel but cannot silence the genuine device’s transmission, so a forged pattern laid over the real one produces energy in slots that should be silent. That mismatch is what alerts the users being attacked to the attempted funny business.
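As an added illustration, not code from the original article or from the MIT researchers, the Python below models the idea in simplified form. It assumes the second transmission encodes a SHA-256 hash of the key as pairs of slots (bit 1 as on-then-off, bit 0 as off-then-on), that concurrent transmissions superpose so energy can be added but never cancelled, and that timing and synchronization are perfect; the key values and the "Alice"/"Mallory" roles are constructed for the example.

```python
import hashlib
from typing import List, Optional

# One slot per list entry: 1 = energy on the air, 0 = silence.
Slots = List[int]
HASH_BITS = 256                      # SHA-256, so 512 slots per announcement


def announcement(msg: bytes) -> Slots:
    """Encode the hash of msg as on/off slots: bit 1 -> (on, off), bit 0 -> (off, on).

    Assumption for this example: the 'known mathematical operation' is SHA-256
    and the bit pattern is sent as exactly one ON slot per bit.
    """
    digest = hashlib.sha256(msg).digest()
    slots: Slots = []
    for byte in digest:
        for shift in range(7, -1, -1):
            bit = (byte >> shift) & 1
            slots.extend((1, 0) if bit else (0, 1))
    return slots


def decode_announcement(slots: Slots) -> Optional[List[int]]:
    """Recover hash bits from slots, or return None if any bit pair is not
    exactly one ON slot. Two ON slots in a pair is the tamper signature:
    somebody transmitted energy where the genuine sender was silent."""
    if len(slots) != 2 * HASH_BITS:
        return None
    bits: List[int] = []
    for i in range(0, len(slots), 2):
        pair = (slots[i], slots[i + 1])
        if pair == (1, 0):
            bits.append(1)
        elif pair == (0, 1):
            bits.append(0)
        else:
            return None
    return bits


def verify(received_msg: bytes, observed_slots: Slots) -> bool:
    """Receiver-side check: the pattern heard must be well formed and must
    equal the pattern the received key predicts."""
    heard = decode_announcement(observed_slots)
    if heard is None:
        return False
    return heard == decode_announcement(announcement(received_msg))


def air(*transmissions: Slots) -> Slots:
    """Superpose concurrent transmissions (assumed channel model: energy in
    any slot from any transmitter is heard; nothing cancels it)."""
    length = len(transmissions[0])
    return [int(any(t[i] for t in transmissions)) for i in range(length)]


ALICE_KEY = b"alice-public-key:constructed-sample"
MALLORY_KEY = b"mallory-public-key:constructed-sample"


def honest_pairing() -> bool:
    """Only Alice transmits; Bob receives her key and her announcement."""
    return verify(ALICE_KEY, air(announcement(ALICE_KEY)))


def mitm_message_only() -> bool:
    """Mallory overpowers the key message so Bob receives MALLORY_KEY, but
    sends no announcement of her own. Bob hears Alice's pattern, which does
    not match the key he received."""
    return verify(MALLORY_KEY, air(announcement(ALICE_KEY)))


def mitm_with_forged_announcement() -> bool:
    """Mallory substitutes her key and also transmits the matching pattern.
    Alice's pattern is still on the air; wherever the two hashes differ, a
    slot pair shows two ON slots, and Bob rejects the pairing."""
    observed = air(announcement(ALICE_KEY), announcement(MALLORY_KEY))
    return verify(MALLORY_KEY, observed)


if __name__ == "__main__":
    print("honest pairing accepted:", honest_pairing())
    print("key swapped, no forged pattern, accepted:", mitm_message_only())
    print("key swapped plus forged pattern, accepted:", mitm_with_forged_announcement())
```

The model deliberately leaves out what the real scheme has to deal with on a radio, such as synchronizing the slot boundaries and distinguishing energy from noise, so the point it makes is narrow: as long as an attacker cannot remove energy from the channel, overwriting the key forces him to either leave the announcement mismatched or corrupt it, and either outcome is detectable by the receiver.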
“You could imagine that the same protocol could be used in cell phone networks as well,” Zeldovich says. “At the design level, the idea sounds like it should be applicable.”