When talking about vulnerabilities in 5G protocol network, it’s a scary thing as most of our connectivity in the world is through some network. Being open to vulnerabilities makes our lives less secure as most of our data and personal information is shared through a network. One of the most common or most potent of all vulnerabilities is associated with cell- site simulators or stingrays or even CSS for short.
Not many know what a CSS is supposed to do or much about its capabilities but if you’re in this category it’s not your fault. Thanks to confidentiality or non- disclosure requirements there is a veil of secrecy surrounding the workings of a CSS. There are a lot of privacy threats associated with CSSs and they are undoubtedly serious.
To know more about the vulnerabilities associated with CSSs there are many study papers that explore the concept. There are papers that explore the vulnerabilities in 2G, 3G and 4G protocols but what about 5G?
5G Protocol- Space for Improvement over 4G:
With 5G protocol on its way, there were many talks on how the new protocol was going to be better than the previous one or current one. One of the many areas the 5G protocol was going to improve on was protecting mobile users from the vulnerabilities associated with CSSs.
But with research into the area, researchers have found that this won’t be the case. We still will be open to the threat of vulnerabilities with 5G protocol as well. Researchers up at ETH Zurich and TechnisheUniversitat Berlin have unearthed a flaw in the Authentication and Key Agreement protocol. This protocol is commonly used in 3G, 4G and even now in 5G variants. This protocol opens the doorways to newer variants of privacy attacks within these protocols including the upcoming 5G protocol.
More on AKA and its role in 5G protocol:
The Authentication and Key Agreement protocol or AKA for short is a system by which a mobile and a cell tower mutually verify the others authenticity and shares keys to protect future communications. The same AKA protocol was used in 3G and 4G networks albeit in different versions. But these too were shown to be insufficient by researchers. Researchers have shown that these same protocols could be exploited allowing an attacker to get a person’s location information. This same kind of cell site simulator is shown to also work on the 4G network. It goes by the name Hailstorm.
What the standard body in charge of 5G Protocol have done:
The standard body, in charge of the new 5G protocol are the 3rd Generation partnership Project or 3GPP for short. The 3GPP are well aware of these vulnerabilities and have improved AKA to mitigate those privacy issues. But researchers think differently. Research has again discovered new vulnerabilities that will affect all protocols including the upcoming 5G protocol. But that’s not all either, researchers have even gone as far and said that the new strain of vulnerabilities breaches a user’s privacy more severely than what previous ones ever did.
How will the new Vulnerability in 5G Protocol?
The new vulnerability can be taken advantage of by anyone who can intercept mobile traffic in the area. That is anyone who can buy software which costs around $500. Such a person can monitor subscriber activity such as outgoing calls, SMSs sent and so forth. But they will not be able to see what the contents of those messages are or be able to tap into calls. Besides this, the attacker will even know how many calls or SMSs were sent even when their intended victim is not in their immediate vicinity. Even if a victim exits the attack area or area close to the attacker and when they reenter it, all their calls and SMSs they sent while outside the area will be known to the attacker.
Besides being able to see how many calls a person made or messages sent, the attacker will also be able to know the exact location of such a person. This vulnerability or attack is not only a possibility in 3G and 4G protocols but also now in the 5G protocol as well.
The most common use of location tracking is seen in law enforcement. But now such a vulnerability opens the doors to attackers too. This new vulnerability will allow attackers to get location information by CSSs.
Difference in Tracking Location information by Law Enforcement and Attackers:
While law enforcement officials use the legal route to obtain an individual’s tracking information, attackers do not. Law enforcement officials can subpoena phone companies to get the necessary information. However people working outside the law do not obviously get warrants or can get the information they desire from phone companies either. So the only other option is to use CSSs.
It is a known fact that there are vulnerabilities that allows a user’s location to be tracked over 4G. But this new variant of attack will continue to be a problem in all protocols even in the new 5G protocol, even with the previous vulnerability being fixed.
Members of the research team have informed the standard body of the 5G protocol and hope that it will be fixed before the new iteration of 5G comes out.
What 5G is expected to do?
5G users will supposedly get speeds peaking 20Gbps as specified by the ITU IMT- 2020 specification. These speeds however are expected only when using short range mmWave spectrum, not the longer range ones. One concern with the new 5G protocol is with the associated devices. When the last 4G protocol as released, Smartphone batteries couldn’t handle it at first. This may be so with 5G as well. The smartphones supporting the 5G protocol may too drain fast. But manufacturers say this isn’t so as most 5G compatible phones will depend primarily on 4G LTE or 4G. Also another way to keep battery drain low is by manufacturers not using mmWave tech in their phones, which is the most important tech to have to benefit from 5G protocol speeds.