Posted on July 27, 2017 at 1:40 PM
Vulnerability Found in 3G and 4G Cells Allows Illegal Surveillance
It has been revealed by security researchers that there is a vulnerability in modern, high-speed cell networks, which allows low-cost phone surveillance and location tracking.
The information has been revealed this Wednesday at the Black Hat conference conducted in Las Vegas. There have been findings of a cryptographic flaw in the protocol that is used in 3G and 4G LTE networks; the flaw connects mobile devices with the cell operator.
This is just another proof that the long-held belief of modern cell standards and protocols being immune from tracking and monitoring, differentiating them from the older 2G cell protocol that had an encryption that was easy to crack.
The weakness has been found in the authentication and key agreement by Ravishankar Borgaonkar and Lucca Hirschi. These processes let a phone communicate safely with the subscriber’s cell network. What the researchers have found is that the counter that is supposed to prevent attacks isn’t that well protected and partially leaks. That would allow an attacker to monitor consumption patterns, such as when calls are made and when text messages are sent and track the physical location of a cell phone.
What’s scary about this flaw is that it could be the gateway for the next generation of cell site simulators. With a lot of controversy around them, these devices are used by local police more often than not without warrants for cellular surveillance. The devices make cell phones downgrade to a weaker 2G standard in order to listen to conversations and find locations of pretty much anyone nearby.
Borgaonkar explained that this could be a step towards the making of the next generation of illegal surveillance devices because of the low-cost hardware and software setup.
The hardware costs as little as $1,500, which isn’t a lot to any advanced hacker, and even less for a police department or intelligence unit that has enough funds.
Borgaonkar also explained that this could allow the attacker to track victim’s activity at any time with only being near the target sporadically.
Researcher’s academic colleagues in Germany performed several attacks of this kind in order to prove their concept. The have stated that because the weakness is part of the 3G and 4G standard it affects all operators from anywhere in the world as well as the majority of modern devices.
They have also said that there isn’t much to be done in order to protect against these attacks, partially because mobile operating systems don’t detect radio-level attacks.
3GPP, a consortium of telecoms standard organizations which developed the vulnerable protocol, are aware of the flaw and are working on fixing the issue in the upcoming 5G standards.
A spokesperson did not respond when requested for comment.