Tracking 5G Protocol Flaws

Uploaded on 2019-11-27 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY-Key Areas-5G Networks, TECHNOLOGY--Developments

Security flaws in the 5G communications protocol could potentially enable users' locations to be tracked in real-time. In addition to tracking a target's location, the flaws could be used to spoof emergency alerts, mount man-in-the-middle attacks and invoke spurious mobile billing.

These the security flaws would also require a significant amount of work to take advantage of them.

For example, to take advantage of the vulnerabilities highlighted attackers would need to erect a malicious base station. Part of the problem is that while the 5G security stack contains many enhancements, they haven't been tested in an adversarial environment and also carry over a number of security features from 4G LTE and its predecessors.

The 5G control-plane consists of a number of critical procedures (such as initial registration, deregistration and paging) which are leveraged by fundamental cellular services, such as voice calling, SMS, data and billing. Some researchers say that the 5G protocol lacks a robust, formal specification, which means that implementations are therefore prone to ambiguity and under-specification.

In order to test some of these complexities, researchers have developed a tool they called 5GReasoner, based on an earlier LTEInspector tool used to interrogate 4G network security.

Vulnerabilities found include flaws in the ‘network-access stratum (NAS) layer potentially enabling eavesdropping on messages; a denial-of-service attack against targets taking advantage of NAS counter desynchronisation; neutralising the user's temporary mobile subscriber identity (TMSI), enabling a target to be tracked; and, even cutting off a device. 

Security flaws in the radio resource control (RRC) layer enable what has been called the lullaby attack, in which the attackers intermittently force a targeted device to release its connection with the legitimate network. Repeatedly switching the device from idle to its connected state and back will cause its battery to deplete faster. Cross-layer attacks, meanwhile, can expose a device's TMSI and can be used to track the device and, hence, the user.

It's not the first time that security flaws have been found in the 5G communications protocol. A series of security flaws were found earlier this year with fixes unavailable before the first implementations were rolled out. There have also been warnings that state backed entities could target early 5G network implementations. 

Computing:          Inquirer:      ICS Surrey University:

You Might Also Read:

Happy Days Ahead For 5G Hackers:

AI Will Shape The Future 6G Network:

 


 

« Cloud Storage: What Is It & Who Runs It?
Australian Parliament Hacked »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Allgress

Allgress

Allgress solutions converge disparate risk silos across enterprise networks and automate governance, risk and compliance management processes.

National Cyber League (NCL)

National Cyber League (NCL)

The NCL provides a virtual training ground for participants to develop, practice, and validate their cybersecurity knowledge and skills.

Adroit Technologies

Adroit Technologies

Adroit Technologies has been developing award winning real-time software for the industrial automation markets for over 25 years.

Cybersecurity Collaborative

Cybersecurity Collaborative

CyberSecurity Collaborative is a forum for CISOs to share information that will collectively make us stronger, and better equipped to protect our enterprises from those seeking to damage them.

DeepCyber

DeepCyber

DeepCyber supports its customers, with an “intelligence-driven” approach, to improve their proactive detection and response "capability" of cyber threats.

URS Certification

URS Certification

United Registrar of Systems (URS Certification) is an independent certification body operating in more than 30 countries within the multinational URS Holdings.

Beosin

Beosin

Beosin is a blockchain security company providing cybersecurity services including security audits, on-chain asset investigation, threat intelligence and wallet security.

WolfSSL

WolfSSL

wolfSSL is an embedded SSL/TLS library providing secure communication for IoT, smart grid, connected home, routers, applications, games, phones, and more.

Cado Security

Cado Security

Cado Security is pushing digital forensics, and cyber incident response to the next level with an incident response software platform and specialist consulting services.

Upfront Security

Upfront Security

Upfront Security helps companies with innovative products & services to prevent, recognise and recover from (identity) fraud.

Ermetic

Ermetic

Ermetic’s identity-first cloud infrastructure security platform provides holistic, multi-cloud protection in an easy-to-deploy SaaS solution.

Nudge Security

Nudge Security

Nudge Security offer the world's first-ever SaaS security solution to discover shadow IT and curb SaaS sprawl across any device or location and nudges employees towards optimal security behavior.

Data Computer Services

Data Computer Services

Data Computer Services provides professional tailored IT Support and IT Services for businesses throughout Edinburgh and the Lothians.

Kolide

Kolide

Kolide ensures that if a device isn't secure, it can't access your apps.

KTrust

KTrust

KTrust provides Continuous Threat Exposure Management for Kubernetes environments.

EGUARDIAN

EGUARDIAN

EGUARDIAN serves as a Value-Added Distributor and technology enabler in the APAC region with the aim of further expanding globally and cater to the needs of the demands with the emerging technology.

EK3 Technologies

EK3 Technologies

EK3 Technologies mission is to provide comprehensive cybersecurity and IT solutions that allow our clients to focus on sustaining their business.