
posted by Fnord666 on Tuesday March 06 2018, @03:44PM
from the good-protocols-gone-bad dept.

A group of American university researchers have broken key 4G LTE protocols to generate fake messages, snoop on users, and forge user location data.

Those working on the coming 5G protocols should take note: the vulnerabilities are most worrying because they're written into the LTE protocols, and could therefore have an industry-wide impact.

Identified by Purdue University's Syed Rafiul Hussain, Shagufta Mehnaz and Elisa Bertino with the University of Iowa's Omar Chowdhury, the protocol procedures affected are:

  • Attach – the procedure that associates a subscriber device with the network (for example, when you switch the phone on);
  • Detach – occurs when you switch your device off, or if the network disconnects from the device (for example because of poor signal quality, or because the phone can't authenticate to the network); and
  • Paging – this protocol is part of call setup, to force the device to re-acquire system information, and in emergency warning applications.

The researchers' paper (PDF) describes an attack tool called LTEInspector, which the researchers said found exploitable vulnerabilities that resulted in "10 new attacks and nine prior attacks" (detecting old vulnerabilities helped the researchers validate that the new vulns were genuine).

  • (Score: 1, Interesting) by Anonymous Coward on Tuesday March 06 2018, @04:03PM (1 child)

    by Anonymous Coward on Tuesday March 06 2018, @04:03PM (#648536)

    We need to get back to basics: A network of simple, standardized access points.

    When your wireless network depends on beaming signals over large distances, then you need to be a large corporation to be able to maintain it and to comply with the rules of some kind of local VIM. That means proprietary protocols, which means feature complexity for the sake of market differentiation.

    That's a stupid way to do it.

    • (Score: 4, Insightful) by Anonymous Coward on Tuesday March 06 2018, @06:01PM

      by Anonymous Coward on Tuesday March 06 2018, @06:01PM (#648595)

      That would handle connect/disconnect events and secure encryption of the data line.

      But the truth is: They don't *WANT* these protocols secure. Government agencies need to ensure they can compromise specific cell phones at any time. Securing the network so only the cell phone and its service provider (not the network provider) can intercept transmissions would be very concerning for them.

      At this point in time all standards need to be scrutinized heavily, because government agencies and their agents are working hard to compromise standards in ways nation states can utilize while locking down hardware and standards in way normal citizens cannot.

  • (Score: 2, Informative) by requerdanos on Tuesday March 06 2018, @05:06PM (14 children)

    by requerdanos (5997) Subscriber Badge on Tuesday March 06 2018, @05:06PM (#648558) Journal

    Dear Richard Chirgwin of The Register,

    ...validate that the new vulns were genuine...

    The agglomeration of letters "vulns", in addition to having a sound that grates on the nerves, is not a word, is not a plural of also-not-a-word "vuln", and is not a common abbreviation, acronym, or other unit of communicable speech or writing. It's not even valid leet-speak or recognized slang.

    Although the reader can guess its meaning from its context, that's not an argument for using it in any communication, much less written communication intended for mass dissemination.

    Repent.

    • (Score: 2) by RamiK on Tuesday March 06 2018, @05:22PM (7 children)

      by RamiK (1813) on Tuesday March 06 2018, @05:22PM (#648568)

      While it's a shortening of vulnerability, vuln also means wound/harm so it's appropriate for software defects.

      https://en.wiktionary.org/wiki/vuln [wiktionary.org]

      https://www.thefreedictionary.com/vulns [thefreedictionary.com]

      --
      compiling...
      • (Score: 2) by requerdanos on Tuesday March 06 2018, @06:18PM (6 children)

        by requerdanos (5997) Subscriber Badge on Tuesday March 06 2018, @06:18PM (#648597) Journal

        Well, your harm/wound usage is listed as an obsolete verb (not applicable), and the "shortening" listing is simply a note documenting the misuse in question. I am not saying it's inappropriate to use "in relation to software defects." It's not appropriate to use in communications to any audience wider than two nerds using made-up words.

        Sure, I am a nerd, and I make up words, but I don't publish articles written from them. Different audience, different scope, different vocabulary.

        • (Score: 2) by mhajicek on Tuesday March 06 2018, @07:48PM (5 children)

          by mhajicek (51) on Tuesday March 06 2018, @07:48PM (#648635)

          Language evolves. If someone uses a word and someone else understands it, it's a word.

          --
          The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
          • (Score: 2) by DannyB on Tuesday March 06 2018, @09:13PM (3 children)

            by DannyB (5839) Subscriber Badge on Tuesday March 06 2018, @09:13PM (#648701) Journal

            If that is true, people would immediately derive meaning from 'words' like:

            afluenza
            jerkov
            mansplainer

            If what you say is true, then I would expect people to immediately infer meaning from these words, and potentially that these words would come into common use and therefore become actual words. Just not yet appearing in the Oxford dictionary. Like Perfory [urbandictionary.com]. But most people here probably don't remember perfory due to excessive use of laser or inkjet.

            --
            People today are educated enough to repeat what they are taught but not to question what they are taught.
            • (Score: 2) by mhajicek on Tuesday March 06 2018, @09:22PM

              by mhajicek (51) on Tuesday March 06 2018, @09:22PM (#648708)

              Not everyone knows all words, and many words require context.
              https://en.wikipedia.org/wiki/Polysemy [wikipedia.org]

              BTW, Google happily found those words that you listed.

              --
              The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
            • (Score: 2) by mhajicek on Tuesday March 06 2018, @09:28PM (1 child)

              by mhajicek (51) on Tuesday March 06 2018, @09:28PM (#648713)

              Also:

              "Vuln

              Abbreviation for "vulnerability." Another way to refer to bugs or software flaws that can be exploited by hackers."

              https://motherboard.vice.com/en_us/article/mg79v4/hacking-glossary [vice.com]

              So, not the first time or place the word has been used, and people know what it means. You are, of course, free to not like it, much as I hate the usage of "dampening" to mean "damping", or "less people" instead of "fewer people", but we're both fighting a loosing battle.

              --
              The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
              • (Score: 2) by requerdanos on Tuesday March 06 2018, @09:35PM

                by requerdanos (5997) Subscriber Badge on Tuesday March 06 2018, @09:35PM (#648717) Journal

                we're both fighting a loosing battle.

                Our language is defined by shared opinion. I am sharing mine and I encourage you to share yours, even if we are outnumbered by people who believe that "not tight" and "not win" and "misplace" are interchangeable L-words.

          • (Score: 2) by requerdanos on Tuesday March 06 2018, @09:29PM

            by requerdanos (5997) Subscriber Badge on Tuesday March 06 2018, @09:29PM (#648715) Journal

            language evolves

            Examples of desirable and undesirable [soylentnews.org] language evolution appear in a different comment in this thread.

            The TL;DR is that just because something frequently happens, does not always mean that it's a good thing. Often, it isn't.

    • (Score: 3, Funny) by All Your Lawn Are Belong To Us on Tuesday March 06 2018, @05:25PM

      by All Your Lawn Are Belong To Us (6553) on Tuesday March 06 2018, @05:25PM (#648571) Journal

      He will likely send you a neg on that and ask that u go away.

      --
      This sig for rent.
    • (Score: 2) by Freeman on Tuesday March 06 2018, @05:27PM (2 children)

      by Freeman (732) on Tuesday March 06 2018, @05:27PM (#648574) Journal

      Language changes over time. His use of "vulns" is perfectly valid for the audience he is trying to reach. Though one might liken it to an adult trying to sound "cool / hip".

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
      • (Score: 2) by requerdanos on Tuesday March 06 2018, @06:32PM (1 child)

        by requerdanos (5997) Subscriber Badge on Tuesday March 06 2018, @06:32PM (#648604) Journal

        Language changes over time.

        And it does so in three ways.
        1. Someone or some group finds a clearer or more apt way to do a feature of language and it catches on. (example: English plurals with unmodified root plus -s or -es instead of changing the root to add -en, French ê in place of es) (N/A here)
        2. Someone or some group starts doing a feature of language a merely different way and it catches on. (Example: modern English verb endings versus previous -eth endings, Latin American seseo vs. Spanish distinción with letters c, s, and z) (N/A here)
        3. Someone or esp. some group isn't good at language, misuses it, and propagates the misuse. (Bingo.)

        That #3 means that if enough people say that "up" means "down" then it becomes arguably so. They have already done this with "literally" being bastardized into "figuratively" and other wrongness-enshrined-by-idiots language changes.

        It also means that if enough people misuse language (a large minority, or a majority) then the wrong becomes the new right. That doesn't mean that this is a good thing; it's just an undesirable side effect of 1. and 2. above. People who know the difference should at least mention it when it comes up. Changes destined to become the new standards will survive such mentions. "Vulns" totes will not, in all rational hope.

        His use of "vulns" is perfectly valid for the audience he is trying to reach.

        That use is arguably at least not completely invalid within that group, but this is not usage within that group; it's an article published to the wider world. Different group (security nerds+world at large vs. security nerds), different vocabulary (correct and standard vs. whatevs random crappy you wanna throw togethies.)

        • (Score: 2) by DannyB on Tuesday March 06 2018, @07:48PM

          by DannyB (5839) Subscriber Badge on Tuesday March 06 2018, @07:48PM (#648636) Journal

          That #3 means that if enough people say that "up" means "down" then it becomes arguably so.

          (you miss out on the vocal sound to capture the exact meaning, but . . .)

          That's really baaaaaad, maaaaaan!

          (then someone else uses two positive words to suggest agreement . . .)

          Yeah, right.

          --
          People today are educated enough to repeat what they are taught but not to question what they are taught.
    • (Score: 0) by Anonymous Coward on Tuesday March 06 2018, @05:55PM (1 child)

      by Anonymous Coward on Tuesday March 06 2018, @05:55PM (#648591)

      It's The Register. What you gonna do next, post on SN that some Hip Hop black guy should not use Nigga?

  • (Score: 4, Interesting) by DannyB on Tuesday March 06 2018, @05:55PM (8 children)

    by DannyB (5839) Subscriber Badge on Tuesday March 06 2018, @05:55PM (#648590) Journal

    I have suggested this possibility before [soylentnews.org] (on more than one occasion) that either:
    1. Stingray works by using stolen credentials / crypto keys
    2. Stingray works by knowledge of inherent weakness baked in to the protocol and not easily changed

    This article would seem to suggest the latter.

    And of course, I suggested the likely outcome.

    DannyB previously wrote [soylentnews.org] . . .

    Why is Stingray so secret? Why can't it be discussed? Defendants cannot question the secrecy of Stingray. If they do, and get very far in court, then the case against them is dropped rather than reveal any information.

    Law enforcement agencies won't discuss whether they have or use Stingray.

    Why is this?

    Two theories.

    Theory 1

    In order to work Stingray must have something like credentials or cryptographic keys that enable it to impersonate various cell phone network towers. These keys / credentials are stolen. If these were revealed:
    1. anyone else with suitable equipment could also implement a Stingray (but not for long . . .)
    2. the network operators would revoke those credentials throughout their network so that all mobile devices in their network would reject those fake towers -- thus completely breaking Stingray.

    Theory 2

    A long time ago, in a galaxy far, far away . . .

    the cellular network protocols were designed. The world was far less hostile. Much less was invested in developing security beyond obvious basics. Exotic attacks of APTs were considered infeasible and outlandish.

    Under this theory Stingray works by exploiting vulnerabilities in how the network works. Basically, it is possible to trick your phone into using a fake cell tower. In order to fix this, bright shiny new protocols would need to be designed. It would take years to implement this throughout the entire network(s). Mobile transceivers would only be upgraded by attrition.

    Either way . . . if the secret of Stingray gets out, then nerds, yes nerds! could build their own Stingrays! This would soon allow poor people to be snooping on rich and powerful people. Chaos would ensue. The entire planet would end in flames.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    • (Score: 2) by requerdanos on Tuesday March 06 2018, @07:27PM (3 children)

      by requerdanos (5997) Subscriber Badge on Tuesday March 06 2018, @07:27PM (#648626) Journal

      And of course, I suggested the likely outcome.

      May it be also noted that things like Stingrays are an inevitable consequence of bad ideas like deliberately defective encryption designed to be trivially exploited by "the government" or "law enforcement".

      Mistakes in design here give us a preview of what happens if you include mistakes in your design.

      Almost as if it were Defective by Design [defectivebydesign.org]...

      • (Score: 2) by DannyB on Tuesday March 06 2018, @07:52PM (2 children)

        by DannyB (5839) Subscriber Badge on Tuesday March 06 2018, @07:52PM (#648642) Journal

        Whether it is by design or not may never be known. But it doesn't not change the outcome.

        There is no need to assume incompetence when mere malice will suffice as an explanation.

        --
        People today are educated enough to repeat what they are taught but not to question what they are taught.
        • (Score: 2) by DannyB on Tuesday March 06 2018, @07:54PM (1 child)

          by DannyB (5839) Subscriber Badge on Tuesday March 06 2018, @07:54PM (#648645) Journal

          Ugh! . . . doesn't not.

          --
          People today are educated enough to repeat what they are taught but not to question what they are taught.
          • (Score: 2) by requerdanos on Tuesday March 06 2018, @09:32PM

            by requerdanos (5997) Subscriber Badge on Tuesday March 06 2018, @09:32PM (#648716) Journal

            Whether your design is bad because you missed something, or because you are incompetent, or because you are malicious, or for any other reason, good or bad, the fact remains, your design is still bad.

            This applies in communication protocol security, encryption, indeed everywhere in the known universe.

    • (Score: 0) by Anonymous Coward on Tuesday March 06 2018, @11:57PM

      by Anonymous Coward on Tuesday March 06 2018, @11:57PM (#648787)

      With its secrets one could build an app that let you know when you were being spied on

    • (Score: 2) by stormwyrm on Wednesday March 07 2018, @04:03AM (2 children)

      by stormwyrm (717) on Wednesday March 07 2018, @04:03AM (#648863) Journal

      The first hypothesis seems much more plausible, since law enforcement doesn't need to use stolen keys. They can always twist the arms of the telcos to cough up whatever keys they are using, and with suitably worded National Security Letters, the telcos also can't tell anyone that they were so coerced. It also means that no one else can easily do the same thing, and if the keys do get compromised by some other external party, the deal ("I am altering the deal... pray I do not alter it further") that law enforcement made with the telcos would definitely say that any changes in keys need to be provided as well. The second hypothesis is much more dicey. If there were vulnerabilities deliberately introduced into the phone protocols, then that would mean that anyone smart enough to use them could compromise the phone system! The vulnerabilities only need to be discovered once by some open researcher, and then it's open season. That isn't just bad for the privacy of the telcos' subscribers, rich or poor, it's also very bad news for the bottom lines of the telcos, because an insecure phone system would make it possible to cheat the phone company out of service, the way the phone phreaks of yore were once able to do. They whine today about legitimate, paying subscribers saturating their "unlimited" data plans, think of what would happen should phone phreaking become a thing again!

      No, I think these vulnerabilities being discovered in LTE are more a sign of incompetence rather than malice.

      --
      Numquam ponenda est pluralitas sine necessitate.
      • (Score: 0) by Anonymous Coward on Wednesday March 07 2018, @09:26AM

        by Anonymous Coward on Wednesday March 07 2018, @09:26AM (#648930)

        The gov certainly can compel businesses to do anything. But I bet they wouldn't like to appear to be overreaching and like an all-seeing-eye in the pretend democracy. And then there is the funny idea of American exceptionalism, maybe these idiots think that no other party possesses the capability that good old yanks do, meaning if there is a clever backdoor, nobody else will find it. Sure it will take more than whistling into a handset but if one person can do something, somebody else also will, if not now then possibly very soon. And it would certainly cut some red tape not having to ask for anything but just take it...

        So perhaps the first theory is correct after all because of incompetence rather than malice of the gov.

        The level of incompetence displayed by various supposedly highly professional organizations never ceases to amaze me. It's like they have no actual 1) managers 2) experts. And the "compensation" and bonuses of various kinds they enjoy are out of this world and should their house of cards fall, they get to deploy amazing golden parachutes, every time. It has heads-I-win-tails-you-lose all over it.

        /morning rant

      • (Score: 2) by DannyB on Wednesday March 07 2018, @03:52PM

        by DannyB (5839) Subscriber Badge on Wednesday March 07 2018, @03:52PM (#649029) Journal

        Theory 1: Law enforcement has no idea how it works. (And remember, it's SECRET!) To law enforcement it is just a black box. Even if it uses stolen keys / credentials, law enforcement would be blissfully unaware. And, this would perfectly explain why no Stingray case will ever see a courtroom.

        You make a good point I had not considered about NSL's to force production of anything, even source code, or whatever it takes, to implement Stingray.

        You're probably right about incompetence rather than malice. Under theory 2, I think it would simply be incompetence. But I'm very open to it being malice if there is any evidence. I would not be one bit surprised if that were proven true.

        --
        People today are educated enough to repeat what they are taught but not to question what they are taught.