Among 48 carriers which have been identified with network vulnerability, AT&T is one of them. Computer scientists have found that this vulnerability allow hackers to usurp the cellular data and introduce malicious content into the traffic that passes between cellular phones and the websites visited by them.The terrible thing about this vulnerability is that it can be used by hackers in transferring code to unencrypted pages from leading social networking sites like Facebook and Twitter, which causes a user to act upon unintended actions, like posting messages or sending friend requests.
The nastiest part of this new finding which can lead e-banking in deep trouble is that it can tempt people to log into fraudulent banking websites and introduce them to fraudulent messages via chat sessions. If you think that having a firewall will safeguard your computer then you are mistaken here as, class of firewalls cellular carriers is used in order to bring in this vulnerability.
“While intended to make the networks safer, these firewall middleboxes allow hackers to infer TCP sequence numbers of data packets appended to each data packet, a disclosure that can be used to tamper with Internet connections.”
The vulnerability was revealed by researchers from the University of Michigan’s Computer Science and Engineering Department, and a research paper based on this vulnerability will be presented at this week’s IEEE Symposium on Security and Privacy. The paper reads:
“The TCP sequence number inference attack opens up a whole new set of attack venues. It breaks the common assumption that communication is relatively safe on encrypted/protected WiFi or cellular networks that encrypt the wireless traffic. In fact, since our attack does not rely on sniffing traffic, it works regardless of the access technology as long as no application-layer protection is enabled.”
Interestingly, worldwide 150 unnamed carriers were being chosen to carry out vulnerability test and out of those 150 carriers,48 carriers were found to be using the vulnerable firewall. Zhiyun Qian, one of the co-authors of the paper, told Ars that “there’s no reason to believe iOS devices from Apple can’t be hijacked as well.”
While countering the research findings that revealed that AT&T iPhone May Be Vulnerable To Cellular Hijacking, AT&T claims that “the report does not provide enough detail for us to confirm a conclusion,” however, it does promise to “take a look at the issues raised.”
Zhiyun Qian (one of the coauthors of the paper) told Ars, the attack will also work against computers connected to networks using cellular cards or smartphone tethers. He said there’s no reason to believe iOS devices from Apple can’t be hijacked as well.
Zhiyun Qian stated that ‘In my opinion, they should be turned off,” while pointing out towards sequence number checks. “However, the carriers may have their own reasons not to.”
Well one thing is pretty clear after knowing about the severe loopholes in the cellular networks leading to Cellular Hijacking, that no matter how hard these cellular network tries, hijackers always find their way out but the need of an hour is to create a strong and reliable security system.