chris - Fotolia

Which 4G vulnerabilities should BYOD users be aware of?

Enterprises should consider pressing 4G vulnerabilities when developing a BYOD strategy for their employees. Expert Judith Myerson explains the flaws and what to do about them.

According to recent research, there are serious 4G vulnerabilities that affect mobile users. What are these 4G vulnerabilities? How should enterprises protect their employees who use affected mobile devices for work?

Lax or absent protection mechanisms in 4G networks can enable an attacker to intercept sensitive information, like the user's Mobile Station International Subscriber Directory Number and International Mobile Subscriber Identity. This information can help attackers discover where and when the targeted subscribers use their mobile devices.

These man-in-the-middle attacks are performed to access and read encrypted emails, text messages and browsing history. None of the calls the victim makes on voice over LTE are immune to eavesdropping.

Positive Technologies researchers pointed out that the cause of 4G vulnerabilities is that the industry deliberately chooses to prioritize improving network delays and data processing speeds over security. Processor and other hardware limitations of mobile devices when connected to 4G are most likely the deciding factor.

To protect data from unauthorized access, the researchers recommend network administrators analyze the security of the mobile network for suspicious behavior and update network security settings due to legitimate changes in the network. The researchers also advise using special instruments for monitoring, analyzing and filtering messages across network boundaries.

To avoid 4G vulnerabilities, employees should be required, as part of the BYOD policy, to register their personal devices in the enterprise's mobile device management server. In collaboration with the network administrator, the server administrator can remotely encrypt emails and text messages on registered devices and immediately shut down devices that have been hacked. Also, all the passwords used on the registered mobile devices must be approved or supplied by the server administrator.

Not all device operating systems are supported by the same mobile device management (MDM) software provider. For example, an enterprise could use MDM software that supports Apple iOS, Google Android and Windows Phone, but not the BlackBerry 10 operating system, barcode scanners and wristwatches.

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)

This was last published in December 2017

Dig Deeper on Network security