SoylentNews is people
SoylentNews
A group of American university researchers have broken key 4G LTE protocols to generate fake messages, snoop on users, and forge user location data.
Those working on the coming 5G protocols should take note: the vulnerabilities are most worrying because they're written into the LTE protocols, and could therefore have an industry-wide impact.
Identified by Purdue University's Syed Rafiul Hussain, Shagufta Mehnaz and Elisa Bertino with the University of Iowa's Omar Chowdhury, the protocol procedures affected are:
- Attach – the procedure that associates a subscriber device with the network (for example, when you switch the phone on);
- Detach – occurs when you switch your device off, or if the network disconnects from the device (for example because of poor signal quality, or because the phone can't authenticate to the network); and
- Paging – this protocol is part of call setup, to force the device to re-acquire system information, and in emergency warning applications.
The researchers' paper (PDF) describes an attack tool called LTEInspector, which the researchers said found exploitable vulnerabilities that resulted in "10 new attacks and nine prior attacks” (detecting old vulnerabilities helped the researchers validate that the new vulns were genuine).
(Score: 4, Interesting) by DannyB on Tuesday March 06 2018, @05:55PM (8 children)
I have suggested this possibility before [soylentnews.org] (on more than one occasion) that either:
1. Stingray works by using stolen credentials / crypto keys
2. Stingray works by knowledge of inherent weakness baked in to the protocol and not easily changed
This article would seem to suggest the latter.
And of course, I suggested the likely outcome.
DannyB previously wrote [soylentnews.org] . . .
The lower I set my standards the more accomplishments I have.
(Score: 2) by requerdanos on Tuesday March 06 2018, @07:27PM (3 children)
May it be also noted that things like Stingrays are an inevitable consequence of bad ideas like deliberately defective encryption designed to be trivially exploited by "the government" or "law enforcement".
Mistakes in design here give us a preview of what happens if you include mistakes in your design.
Almost as if it were Defective by Design [defectivebydesign.org]...
(Score: 2) by DannyB on Tuesday March 06 2018, @07:52PM (2 children)
Whether it is by design or not may never be known. But it doesn't not change the outcome.
There is no need to assume incompetence when mere malice will suffice as an explanation.
The lower I set my standards the more accomplishments I have.
(Score: 2) by DannyB on Tuesday March 06 2018, @07:54PM (1 child)
Ugh! . . . doesn't not.
The lower I set my standards the more accomplishments I have.
(Score: 2) by requerdanos on Tuesday March 06 2018, @09:32PM
Whether your design is bad because you missed something, or because you are incompetent, or because you are malicious, or for any other reason, good or bad, the fact remains, your design is still bad.
This applies in communication protocol security, encryption, indeed everywhere in the known universe.
(Score: 0) by Anonymous Coward on Tuesday March 06 2018, @11:57PM
With its secrets one could build an app that let you know when you were being spied on
(Score: 2) by stormwyrm on Wednesday March 07 2018, @04:03AM (2 children)
The first hypothesis seems much more plausible, since law enforcement doesn't need to use stolen keys. They can always twist the arms of the telcos to cough up whatever keys they are using, and with suitably worded National Security Letters, the telcos also can't tell anyone that they were so coerced. It also means that no one else can easily do the same thing, and if the keys do get compromised by some other external party, the deal ("I am altering the deal... pray I do not alter it further") that law enforcement made with the telcos would definitely say that any changes in keys need to be provided as well. The second hypothesis is much more dicey. If there were vulnerabilities deliberately introduced into the phone protocols, then that would mean that anyone smart enough to use them could compromise the phone system! The vulnerabilities only need to be discovered once by some open researcher, and then it's open season. That isn't just bad for the privacy of the telcos' subscribers, rich or poor, it's also very bad news for the bottom lines of the telcos, because an insecure phone system would make it possible to cheat the phone company out of service, the way the phone phreaks of yore were once able to do. They whine today about legitimate, paying subscribers saturating their "unlimited" data plans, think of what would happen should phone phreaking become a thing again!
No, I think these vulnerabilities being discovered in LTE are more a sign of incompetence rather than malice.
Numquam ponenda est pluralitas sine necessitate.
(Score: 0) by Anonymous Coward on Wednesday March 07 2018, @09:26AM
The gov certainly can compel businesses do anything. But I bet they wouldn't like to appear to be overreaching and like an all-seeing-eye in the pretend democracy. And then there is the funny idea of American exceptionalism, maybe these idiots think that no other party posesses the capability that good old yanks do, meaning if there is a clever backdoor, nobody else will find it. Sure it will take more than whistling into a handset but if one person can do something, somebody else also will, if not now then possibly very soon. And it would certainly cut some red tape not having to ask for anything but just take it...
So perhaps the first theory is correct after all because of incompetence rather than malice of the gov.
The level of incompetence displayed by various supposedly highly prodessional organizations never ceases to amaze me. It's like they have no actual 1) managers 2) experts. And the "compensation" and bonuses of various kinds they enjoy are out of this world and should their house of cards fall, they get to deploy amazing golden parachutes, every time. It has heads-I-win-tails-you-lose all over it.
/morning rant
(Score: 2) by DannyB on Wednesday March 07 2018, @03:52PM
Theory 1: Law enforcement has no idea how it works. (And remember, it's SECRET!) To law enforcement it is just a black box. Even if it uses stolen keys / credentials, law enforcement would be blissfully unaware. And, this would perfectly explain why no Stingray case will ever see a courtroom.
You make a good point I had not considered about NSL's to force production of anything, even source code, or whatever it takes, to implement Stingray.
You're probably right about incompetence rather than malice. Under theory 2, I think it would simply be incompetence. But I'm very open to it being malice if there is any evidence. I would not be one bit surprised if that were proven true.
The lower I set my standards the more accomplishments I have.