Stories
Slash Boxes
Comments

SoylentNews is people

The 5G Protocol May Still Be Vulnerable to IMSI Catchers

posted by janrinok on Wednesday January 30 2019, @06:53PM   Printer-friendly
from the off-the-grid-is-the-only-way dept.

canopic jug writes:

Researchers at ETH Zurich and Technische Universität Berlin have described a flaw in the 3G, 4G, and 5G communications which keeps mobile phone communications vulnerable to international mobile subscriber identity-catcher (IMSI-catcher) attacks. Specifically, the Authentication and Key Agreement (AKA) protocol accidentally (?) allows for a new privacy attack against all variants of the protocol, including more detailed location disclosure.

The standards body in charge of 5G—the 3rd Generation Partnership Project, or 3GPP—has improved AKA to mitigate those well-known privacy issues. However, the researchers say, they have been able to find a new vulnerability that affects all versions of the AKA, including in the upcoming 5G standard. And what's more, the researchers say that this new attack "breaches subscribers' privacy more severely than known location privacy attacks do."

The newly discovered vulnerability allows an attacker who can intercept mobile traffic in the area (meaning anyone with a software-defined radio costing around $500) to monitor individual subscriber activity, such as the number of outgoing calls or SMSs sent in a given amount of time (but not the metadata or contents of the messages.) On top of that, the technique can tell an attacker how many calls or text messages an individual victim sent even if the victim is not near the attacker when the calls or texts are sent. Instead, after the first time the victims enters the attack area and subsequently leaves the area, even past call and text activity would become vulnerable as soon as the victim and their device re-enters the attack area.

[...] It's important to keep in mind here that, for cases of lawful intervention from law enforcement agencies, there are better ways than this attack technique to get location information, such as getting a warrant and getting the information directly from the phone companies. People working outside the legal system, such as spies and criminals, cannot get warrants and cannot typically work directly with the phone companies. Law enforcement does not need the location-finding capabilities of an IMSI catcher unless they are trying to circumvent the legal system.

Earlier on SN:
If 5G Is So Important, Why Isn't It Secure? (2019)
Sen. Wyden Confirms Cell-Site Simulators Disrupt Emergency Calls (2018)
Trump's Cell Phone Use is Security "Nightmare" Waiting to Happen, Lawmakers Say (2018)
New York District Court Throws Out DEA Stingray Evidence (2016)

Original Submission

 
This discussion has been archived. No new comments can be posted.
The 5G Protocol May Still Be Vulnerable to IMSI Catchers | Log In/Create an Account | Top | 5 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 3, Insightful) by DannyB on Wednesday January 30 2019, @07:42PM (2 children)

    by DannyB (5839) on Wednesday January 30 2019, @07:42PM (#794207) Journal

    Wouldn't it be considered a required feature in some circles to keep all mobile devices vulnerable to IMSI catchers?

    (IMSI reminds me too much of IMSAI 8080 which. But daaaad! That's old people stuff!)

    --
    If a minstrel has musical instruments attached to his bicycle, can it be called a minstrel cycle?

    • (Score: 2) by stretch611 on Thursday January 31 2019, @04:13AM (1 child)

      by stretch611 (6199) on Thursday January 31 2019, @04:13AM (#794392)

      There is no need...

      After all, if people want to hijack your location information in the real world, all they need to do is get you to install an app.

      Look how shiny it is...

      --
      Now with 5 covid vaccine shots/boosters altering my DNA :P

      • (Score: 2) by DannyB on Thursday January 31 2019, @02:51PM

        by DannyB (5839) on Thursday January 31 2019, @02:51PM (#794535) Journal

        It's not just your location they want to hijack.

        And they don't want you to know or install anything. After all, some people might be savvy enough not to fall for installing silly applications, even on a burner phone.

        --
        If a minstrel has musical instruments attached to his bicycle, can it be called a minstrel cycle?

  • (Score: 4, Interesting) by takyon on Wednesday January 30 2019, @07:45PM

    by takyon (881) <{takyon} {at} {soylentnews.org}> on Wednesday January 30 2019, @07:45PM (#794209) Journal

    Feds Say They've Detected Apparent Rogue Spy Devices In D.C. [npr.org]

    Foreign governments using IMSI catchers or otherwise intercepting calls and texts is a security threat, sure. But it's nothing compared to the ability of the NSA, FBI, and local law enforcement to snoop on U.S. citizens. The priorities are clear.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]

  • (Score: 3, Funny) by fustakrakich on Wednesday January 30 2019, @07:56PM

    by fustakrakich (6150) on Wednesday January 30 2019, @07:56PM (#794218) Journal

    Since when does that apply to law enforcement?

    --
    La politica e i criminali sono la stessa cosa..
(1)