Tracking 5G Protocol Flaws

Security flaws in the 5G communications protocol could potentially enable users' locations to be tracked in real-time. In addition to tracking a target's location, the flaws could be used to spoof emergency alerts, mount man-in-the-middle attacks and invoke spurious mobile billing.

These the security flaws would also require a significant amount of work to take advantage of them.

For example, to take advantage of the vulnerabilities highlighted attackers would need to erect a malicious base station. Part of the problem is that while the 5G security stack contains many enhancements, they haven't been tested in an adversarial environment and also carry over a number of security features from 4G LTE and its predecessors.

The 5G control-plane consists of a number of critical procedures (such as initial registration, deregistration and paging) which are leveraged by fundamental cellular services, such as voice calling, SMS, data and billing. Some researchers say that the 5G protocol lacks a robust, formal specification, which means that implementations are therefore prone to ambiguity and under-specification.

In order to test some of these complexities, researchers have developed a tool they called 5GReasoner, based on an earlier LTEInspector tool used to interrogate 4G network security.

Vulnerabilities found include flaws in the ‘network-access stratum (NAS) layer potentially enabling eavesdropping on messages; a denial-of-service attack against targets taking advantage of NAS counter desynchronisation; neutralising the user's temporary mobile subscriber identity (TMSI), enabling a target to be tracked; and, even cutting off a device. 

Security flaws in the radio resource control (RRC) layer enable what has been called the lullaby attack, in which the attackers intermittently force a targeted device to release its connection with the legitimate network. Repeatedly switching the device from idle to its connected state and back will cause its battery to deplete faster. Cross-layer attacks, meanwhile, can expose a device's TMSI and can be used to track the device and, hence, the user.

It's not the first time that security flaws have been found in the 5G communications protocol. A series of security flaws were found earlier this year with fixes unavailable before the first implementations were rolled out. There have also been warnings that state backed entities could target early 5G network implementations. 

Computing:          Inquirer:      ICS Surrey University:

You Might Also Read:

Happy Days Ahead For 5G Hackers:

AI Will Shape The Future 6G Network:

 


 

« Cloud Storage: What Is It & Who Runs It?
Australian Parliament Hacked »

Perimeter 81

Directory of Suppliers

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

WEBINAR: How to fuel your DevSecOps in AWS

WEBINAR: How to fuel your DevSecOps in AWS

Thursday, May 20, 2021 - In this webinar, SANS and AWS Marketplace will discuss how to build a strategy that encompasses visibility and automation for the DevSecOps pipeline in AWS.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cristie Data

Cristie Data

Cristie have been a trusted, innovative and leading edge data storage, backup and virtualisation solutions provider across all sectors of industry for over 40 years.

Redbud

Redbud

Redbud is a specialist search and recruitment firm for Information Security professionals.

TÜV SÜD

TÜV SÜD

TÜV SÜD is one of the world's leading technical service organisations. Services offered include industrial cyber security.

Exostar

Exostar

Exostar is the cloud platform of choice for secure enterprise and supply chain collaboration solutions and identity and access management expertise.

Red Lambda

Red Lambda

Red Lambda provides cybersecurity software that enables organizations to rapidly identify, visualize, investigate, and understand threat behaviors of both known and unknown, zero-day attacks.

AnchorFree

AnchorFree

AnchorFree is a Virtual Private Network services provider offering secure encrypted access to the internet.

Salvador Technologies

Salvador Technologies

Salvador Technologies provides the world’s fastest technology to recover from cyber-attacks.

ShieldX Networks

ShieldX Networks

ShieldX is the only cloud-native security platform that continuously discovers workloads, identifies risk, and enforces security policies in any multi-cloud environment.

Buchbinder Information Technology Solutions

Buchbinder Information Technology Solutions

Buchbinder Tunick & Company is a premier CPA and advisory firm offering a broad range of assurance, tax, business consulting and IT consulting services.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.