Researchers have discovered a new security flaw in the upcoming 5G cellular mobile communications protocol. According to reports, the flaw is more severe than any other reported vulnerability. Moreover, the security issue affects not only the 5G protocol but also the older versions – 3G and 4G.
Details of the latest findings have been published in a research paper named "New Privacy Threat on 3G, 4G, and Upcoming 5G (cellular mobile communications) AKA Protocols", by Ravishankar Borgaonkar, Lucca Hirschi, Shinjo Park, and Altaf Shaik.
The paper published last year reveals that the security flaw has the ability to affect AKA (Authentication and Key Agreement) – a protocol that is responsible for creating a connection between a user’s phone and the cellular networks through encryption keys.
The research shows that the vulnerability in the cellular network protocols can be used to create IMSI-catcher devices that will enable the hackers to track the location of mobile phones as well as intercept mobile phone data.
The developers claim to create a stronger AKA version for the 5G protocol. They also state that the new 5G-AKA has the ability to cease IMSI-catchers.
Nevertheless, the vulnerability exists.
To an average internet user, the activity of tracking mobile use may not seem so risky. However, the new trend of attack can be used effectively to spy on politicians and diplomats.
Due to lack of 5G equipment, the researchers carried out the experiment of the attack on a 4G network. However, they claim that the same would work as efficiently on a 5G system as it does on a 4G.
The findings of the same have been acknowledged by the 3GPP and GSMA who agree to improve the protocol in further developments.
Unfortunately, the phase 1 of 5G AKA will suffer from the vulnerability but researchers are hoping that the security flaw would be fixed before the deployment of the second phase that is scheduled at the end of 2019.
Notable research papers have also pointed out other security issues. However, the 3GPP and mobile telecommunication providers disregard such claims and state that security is at the top of their mind when designing 5G.
Details of the latest findings have been published in a research paper named "New Privacy Threat on 3G, 4G, and Upcoming 5G (cellular mobile communications) AKA Protocols", by Ravishankar Borgaonkar, Lucca Hirschi, Shinjo Park, and Altaf Shaik.
The paper published last year reveals that the security flaw has the ability to affect AKA (Authentication and Key Agreement) – a protocol that is responsible for creating a connection between a user’s phone and the cellular networks through encryption keys.
The research shows that the vulnerability in the cellular network protocols can be used to create IMSI-catcher devices that will enable the hackers to track the location of mobile phones as well as intercept mobile phone data.
The developers claim to create a stronger AKA version for the 5G protocol. They also state that the new 5G-AKA has the ability to cease IMSI-catchers.
Nevertheless, the vulnerability exists.
Related: Save yourself from potential data breaches with these tipsIn fact, last year, the team at SINTEF Digital Norway, ETH Zurich, and the Technical University in Berlin discovered surveillance tech vendors to create a new class of IMSI-catchers. According to reports, this type of vulnerability has the capability of reporting complete mobile activity including the number of sent/received texts and calls.
To an average internet user, the activity of tracking mobile use may not seem so risky. However, the new trend of attack can be used effectively to spy on politicians and diplomats.
Due to lack of 5G equipment, the researchers carried out the experiment of the attack on a 4G network. However, they claim that the same would work as efficiently on a 5G system as it does on a 4G.
The findings of the same have been acknowledged by the 3GPP and GSMA who agree to improve the protocol in further developments.
Unfortunately, the phase 1 of 5G AKA will suffer from the vulnerability but researchers are hoping that the security flaw would be fixed before the deployment of the second phase that is scheduled at the end of 2019.
Also Read: 2FA Is Still Hackable Says Knowbe4 Chief Security OfficerBesides this research, two other academic studies from the French and Finnish have also touched upon the security threat to 5G protocol.
Notable research papers have also pointed out other security issues. However, the 3GPP and mobile telecommunication providers disregard such claims and state that security is at the top of their mind when designing 5G.