updated 05:20 pm EDT, Fri August 26, 2011
Fix announced after 1st reported 4G network breach
MIT researchers have found a way to defend against "man-in-the-middle" (MITM) attacks on wireless connections. The new security technique doesn't have to rely on passwords as part of the protection scheme. The researchers have only demonstrated the effectiveness of the technique on a Wi-Fi network, such as connections between phones, laptops, cell towers and wireless routers, but believe it would be equally effective for links between a phone and a wireless headset, a medical implant and a wrist-mounted monitor, or a computer and a wireless speaker system.
An MITM attack can occur when two wireless devices initiate a secure connection. Ordinarily, the two devices exchange a coded key used to encrypt any messages. An attacker, by timing it correctly, can broadcast his own key, which is mistaken by both devices as belonging to the other, and then intercept any communications.
Using passwords can minimize the risk of an MITM attack, but often, the password is either very simple, or is common knowledge, such as often is the case in a Wi-Fi network in an airport, library, or coffee shop. For the breach to work the attacker must block the initial signal from the legitimate sender. The MIT safeguard sends out a second sequence of numbers which, if not received properly by the second legitimate receiving device, will flag the existence of a MITM attempt.
Earlier this month, a MITM attack against 4G mobile phone users was reported at the Def Con conference, an annual gathering of computer hackers. If verified, this would be the first known breach of a 4G network.