4G LTE could spur DDoS, mobile data theft

The rise of 4G LTE networks can bring about security incidents such as distributed denial-of-service (DDoS) attacks on corporate and home networks, and data theft on mobile devices, industry watchers say.

According to Michela Menting, cybersecurity senior analyst at ABI Research, hackers can leverage the high speed and increased data capacity of LTE networks, and fast processing capabilities of smartphones to perpetuate DDoS attacks.

Most nations are susceptible to this as they increasingly wire up with LTE networks and smartphone adoption is increasing rapidly worldwide, she observed.

Elaborating, she noted LTE networks use Internet Protocol (IP) based communication in their transport network and base stations. Their core network point of entrance being through femtocells, a base station which acts as a wireless access point for a home or business, she pointed out.

While femtocells are popular among operators because they are a less expensive alternative to upgrade, they also require the exposure of public IP addresses of security gateways to enable communication between the end-user device and the core network, she noted. An increase in femtocell deployment could lead to more exposure to IP-based threats such as denial-of-service attacks, she said.

"Consequently, increasingly aggressive network attacks against subscriber identity management, routing and roaming, can be expected," she added.

Mobile devices, data potentially more vulnerable
Another observer Patrick Lum, senior consultant at Verizon's risk group, noted hackers can design malware which create botnets, or centrally controlled networks of compromised systems, and they can be used for the purposes of sending spam or participating in DDoS attacks.

With LTE operating as an IP network and providing higher bandwidth, mobile phones will be a "lucrative" target for hackers looking to expand their existing botnets, Lum explained.

This will also result in a significant increase in new IPs, which could lead to hackers to create phishing attacks which can lead to data theft and loss since many users tend to store sensitive data on their mobile phones, he said.

Femtocells will be deployed wherever people and businesses need them, such as inside homes, shopping centers, airports and hospitals, Menting warned. This means it will be much easier for hackers to "wreak havoc" in specifically targeted areas, she said.

Those that provide online services such as e-commerce and Internet banking are more at risk compared to those with just a Web page, because any disruption in the online service will inevitably lead to a loss in revenue or fines from authorities, he said.

Partner telcos, ISPs, have internal DDoS plan
Telcos and internet service providers (ISPs) will have to limit and mitigate threats as they happen, and continuously work to patch vulnerabilities once they are exposed, Menting suggested.

Companies can also have agreements and with the hosting provider or the ISPs providing the network service, Lim added.

"These external parties often have the ability to filter or block DDoS attacks within their own network environment before the attack reaches the victim's networks," he said.

Internally, companies must devise a DDoS response plan with key processes and procedures for IT personnel to follow in case of a potential attack, he said. Adequate preparation will enable companies to anticipate DDOS attacks or identifying risk, which will go a long way in preventing significant data or revenue loss for a company, he said