Tracking 5G Protocol Flaws

Uploaded on 2019-11-27 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY-Key Areas-5G Networks, TECHNOLOGY--Developments

Security flaws in the 5G communications protocol could potentially enable users' locations to be tracked in real-time. In addition to tracking a target's location, the flaws could be used to spoof emergency alerts, mount man-in-the-middle attacks and invoke spurious mobile billing.

These the security flaws would also require a significant amount of work to take advantage of them.

For example, to take advantage of the vulnerabilities highlighted attackers would need to erect a malicious base station. Part of the problem is that while the 5G security stack contains many enhancements, they haven't been tested in an adversarial environment and also carry over a number of security features from 4G LTE and its predecessors.

The 5G control-plane consists of a number of critical procedures (such as initial registration, deregistration and paging) which are leveraged by fundamental cellular services, such as voice calling, SMS, data and billing. Some researchers say that the 5G protocol lacks a robust, formal specification, which means that implementations are therefore prone to ambiguity and under-specification.

In order to test some of these complexities, researchers have developed a tool they called 5GReasoner, based on an earlier LTEInspector tool used to interrogate 4G network security.

Vulnerabilities found include flaws in the ‘network-access stratum (NAS) layer potentially enabling eavesdropping on messages; a denial-of-service attack against targets taking advantage of NAS counter desynchronisation; neutralising the user's temporary mobile subscriber identity (TMSI), enabling a target to be tracked; and, even cutting off a device. 

Security flaws in the radio resource control (RRC) layer enable what has been called the lullaby attack, in which the attackers intermittently force a targeted device to release its connection with the legitimate network. Repeatedly switching the device from idle to its connected state and back will cause its battery to deplete faster. Cross-layer attacks, meanwhile, can expose a device's TMSI and can be used to track the device and, hence, the user.

It's not the first time that security flaws have been found in the 5G communications protocol. A series of security flaws were found earlier this year with fixes unavailable before the first implementations were rolled out. There have also been warnings that state backed entities could target early 5G network implementations. 

Computing:          Inquirer:      ICS Surrey University:

You Might Also Read:

Happy Days Ahead For 5G Hackers:

AI Will Shape The Future 6G Network:

 


 

« Cloud Storage: What Is It & Who Runs It?
Australian Parliament Hacked »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Phoenix TS

Phoenix TS

Phoenix TS offers world-class management, computer, and IT security certification training courses.

C2B2 Consulting

C2B2 Consulting

C2B2 are experts in middleware support and consultancy. We specialise in ensuring scalability, performance and security of large scale systems.

Information Security Research Group - University of South Wales

Information Security Research Group - University of South Wales

The Information Security Research Group has an international reputation in the areas of network security, computer forensics and threat analysis.

Detectify

Detectify

Detectify is a web security service that simulates automated hacker attacks on your website, detecting critical security issues before real hackers do.

Logscape

Logscape

Logscape provides a big data analytical tool for log file analysis and operational analytics.

Akheros

Akheros

Akheros develops cybersecurity learning algorithms which anticipate, detect and prevent offensive and incongruous behaviors of M2M interactions.

Sysmosoft

Sysmosoft

Sysmosoft specializes in providing highly secured telecommunication solutions for mobile devices for companies requiring protected access to sensitive data remotely.

Myra Security

Myra Security

The fully automated Myra DDoS Protection reliably protects web applications, websites, DNS servers, and IT infrastructures.

CSIRT Italia

CSIRT Italia

CSIRT Italia is the national Computer Security Incident Response Team for Italy.

Learn How To Become

Learn How To Become

At LearnHowToBecome.org, our mission is to help any job-seeker understand what it takes to build and develop a career. We cover many specialist areas including cybersecurity.

AppGuard

AppGuard

AppGuard prevents breaches by blocking applications from performing inappropriate processes using our patented dynamic isolation and inheritance technologies.

Risk Based Security (RBS)

Risk Based Security (RBS)

Risk Based Security provide the most comprehensive and timely vulnerability intelligence, breach data and risk ratings.

Netsurion

Netsurion

Netsurion powers secure and agile networks for highly distributed and small-to-medium enterprises and the IT providers that serve them.

apiiro

apiiro

apiiro invented the industry-first Code Risk Platform™ that uses developers and code behavior analysis to accelerate delivery and automatically remediate product risk.

Gijima

Gijima

Gijima is one of SA’s leading ICT companies in Cloud & Outsourcing, Systems integration, Human Capital Management & Training, Cybersecurity, and Unified Communications.

Netgo

Netgo

Netgo group meet the requirements of a complex, digitized world with IT consulting, IT solutions & services, managed & cloud services and software products & development.