Infosec wizards show how spies can snoop on website traffic, redirect browsers over 4G
Boffins have demonstrated how intelligence agencies and well-resourced hackers can potentially spy on people – by studying and meddling with mobile data flying over the airwaves.
The computer scientists have described in detail novel surveillance techniques that allowed them to identify people within a phone tower's radio cell, determine which websites they visited from their handsets, and redirect them to malicious webpages by tampering with DNS lookups.
The three attacks – explained on a dedicated website – all target the data link layer of LTE, aka Long-Term Evolution, aka 4G, networks.
The identification and website snooping techniques are passive, in that a spy just listens to what's going out over the airwaves from phones, whereas the webpage redirection attack is an active operation – an agent needs to set up a malicious cell tower to tamper with transmissions.
The website spying works by identifying, to a particular level of certainty, sites by their patterns of traffic over the air.