5G vulnerability enables low-cost location and phone activity tracking
In late 2018, researchers at SINTEF Digital Norway, ETH Zurich, and Berlin's Technical University discovered a new and serious vulnerability in several generations of the cellular mobile communications protocols: 3G, 4G, and the upcoming 5G. The flaw affected Authentication and Key Agreement, which negotiates and establishes authentication between cellular networks and users' phones. AKA as designed for 5G was intended to close a vulnerability in 3G and 4G that allows fake base stations, known as "IMSI catchers", to intercept traffic metadata and track phones' location. The new vulnerability instead reveals details of a user's mobile activity, such as numbers of sent and received texts and calls, which allows IMSI catcher operators to build profiles of smartphone owners. Because the AKA protocol leaks updated phone activity, attackers can track users even when they move away from the IMSI catcher. If an area is densely enough populated by IMSI catchers, the vulnerability can be adapted for location tracking - and at lower cost than before, because the necessary off-the-shelf electronics are cheaper. Because 5G is not expected to reach deployment until later in 2019, the researchers tested their attack against a 4G network, but said it would definitely work against 5G systems. The researchers followed responsible disclosure guidelines, and the standards-setting bodies, 3GPP and GSMA, are working to remediate the protocol.
Writer: Catalin Cimpanu