Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday February 25 2019, @01:14PM   Printer-friendly
from the another-day-another-flaw dept.

Submitted via IRC for chromas

New flaws in 4G, 5G allow attackers to intercept calls and track phone locations

A group of academics have found three new security flaws in 4G and 5G, which they say can be used to intercept phone calls and track the locations of cell phone users.

The findings are said to be the first time vulnerabilities have affected both 4G and the incoming 5G standard, which promises faster speeds and better security, particularly against law enforcement use of cell site simulators, known as “stingrays.” But the researchers say that their new attacks can defeat newer protections that were believed to make it more difficult to snoop on phone users.

“Any person with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the co-authors of the paper, told TechCrunch in an email.

Hussain, along with Ninghui Li and Elisa Bertino at Purdue University, and Mitziu Echeverria and Omar Chowdhury at the University of Iowa are set to reveal their findings at the Network and Distributed System Security Symposium in San Diego on Tuesday.

[...] Given two of the attacks exploit flaws in the 4G and 5G standards, almost all the cell networks outside the U.S. are vulnerable to these attacks, said Hussain.  Several networks in Europe and Asia are also vulnerable.

Given the nature of the attacks, he said, the researchers are not releasing the proof-of-concept code to exploit the flaws.

[...] Hussain said the flaws were reported to the GSMA, an industry body that represents mobile operators. GSMA recognized the flaws, but a spokesperson was unable to provide comment when reached. It isn’t known when the flaws will be fixed.

[...] The paper comes almost exactly a year after Hussain et al revealed ten separate weaknesses in 4G LTE that allowed eavesdropping on phone calls and text messages, and spoofing emergency alerts.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Monday February 25 2019, @01:58PM

    by Anonymous Coward on Monday February 25 2019, @01:58PM (#806300)

    Send a call to the phone
    Check if more traffic shows up from the phone
    Cancel the call before the call shows up to the user
    If you saw traffic, the phone is near.

    If this is the attack, then it appears to be kind of like send a call to a guy in a group and see who answers the phone.
    Not sure if that is a flaw or just how phones work.

    If would be annoying if the phone network was kind enough to not require the bad guy to be near enough to hear the transaction between tower and phone.