Tracking 5G Protocol Flaws

Uploaded on 2019-11-27 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY-Key Areas-5G Networks, TECHNOLOGY--Developments

Security flaws in the 5G communications protocol could potentially enable users' locations to be tracked in real-time. In addition to tracking a target's location, the flaws could be used to spoof emergency alerts, mount man-in-the-middle attacks and invoke spurious mobile billing.

These the security flaws would also require a significant amount of work to take advantage of them.

For example, to take advantage of the vulnerabilities highlighted attackers would need to erect a malicious base station. Part of the problem is that while the 5G security stack contains many enhancements, they haven't been tested in an adversarial environment and also carry over a number of security features from 4G LTE and its predecessors.

The 5G control-plane consists of a number of critical procedures (such as initial registration, deregistration and paging) which are leveraged by fundamental cellular services, such as voice calling, SMS, data and billing. Some researchers say that the 5G protocol lacks a robust, formal specification, which means that implementations are therefore prone to ambiguity and under-specification.

In order to test some of these complexities, researchers have developed a tool they called 5GReasoner, based on an earlier LTEInspector tool used to interrogate 4G network security.

Vulnerabilities found include flaws in the ‘network-access stratum (NAS) layer potentially enabling eavesdropping on messages; a denial-of-service attack against targets taking advantage of NAS counter desynchronisation; neutralising the user's temporary mobile subscriber identity (TMSI), enabling a target to be tracked; and, even cutting off a device. 

Security flaws in the radio resource control (RRC) layer enable what has been called the lullaby attack, in which the attackers intermittently force a targeted device to release its connection with the legitimate network. Repeatedly switching the device from idle to its connected state and back will cause its battery to deplete faster. Cross-layer attacks, meanwhile, can expose a device's TMSI and can be used to track the device and, hence, the user.

It's not the first time that security flaws have been found in the 5G communications protocol. A series of security flaws were found earlier this year with fixes unavailable before the first implementations were rolled out. There have also been warnings that state backed entities could target early 5G network implementations. 

Computing:          Inquirer:      ICS Surrey University:

You Might Also Read:

Happy Days Ahead For 5G Hackers:

AI Will Shape The Future 6G Network:

 


 

« Cloud Storage: What Is It & Who Runs It?
Australian Parliament Hacked »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Qualitest Group

Qualitest Group

Qualitest is the world’s largest pure play Quality Assurance and software testing company.

Cyber Command

Cyber Command

Our Managed IT service allows clients to offload the management of day-to-day computer, server, and networking support to our team of professionals.

Post-Quantum

Post-Quantum

Post-Quantum offer a unique, patented quantum-resistant encryption algorithm that can be applied to existing products and networks.

Ataya & Partners

Ataya & Partners

Ataya & Partners is a consulting company that delivers data protection, cybersecurity and IT & Digital governance services.

Gita Technologies

Gita Technologies

Gita Technologies works to create integrated solutions to the thorniest problems in the field of intelligence and cyber today.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

MagicCube

MagicCube

MagicCube is a device independent IoT security platform that protects against on-device, cloud, and network attacks.

Adlumin

Adlumin

Adlumin Inc. provides the enterprise-grade security operations platform and managed detection and response services that keep mid-market organizations secure.

Cryptyk

Cryptyk

CRYPTYK CLOUD is the first complete enterprise-class cloud security solution that includes cloud storage and broad protection against all external and internal threats.

Quantifind

Quantifind

Quantifind enables financial crimes/fraud analysts and investigators to make better decisions, faster, with intelligent automation.

Dawgen Global

Dawgen Global

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region providing a range of services including Risk Management and Information Systems Assurance.

Avint

Avint

Avint delivers transformational cybersecurity solutions that help both commercial and government entities achieve mission success.

RAND Corporation

RAND Corporation

The RAND Corporation is a non-profit institution that helps improve policy and decision making through research and analysis.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

EasySec Solutions

EasySec Solutions

EasySec Solutions provides a cyber-security platform, based on a combination of the zero trust model and the software-defined security management.