An attacker could intercept communication metadata to locate of a mobile phone
Network
security and
ethical hacking specialists reported the discovery of vulnerability in the 5G
communication protocol, which will be implemented soon. Apparently this
vulnerability is more severe than the previously ones discovered, as it affects
the 3G and 4G protocols in addition to the upcoming 5G.
According to experts from the International
Institute of Cyber Security, the flaw allows the monitoring of communications
through the use of IMSI receivers (International Mobile Subscriber Identity Interception)
of last generation functional in all telephone protocols.
Third
Generation Partnership Project (3GPP), entity responsible for the standardization of mobile
communications worldwide, designed and ordered the implementation of the Authentication
and Key Agreement (AKA) protocol to protect mobile phone users, however,
multiple attacks against this protocol have been successfully performed; some
of these flaws have been corrected or mitigated in the AKA enhanced protocol
for 5G.
The vulnerability recently discovered by
network security specialists affects the AKA protocol, which is a mechanism
based on the challenge/response process that uses symmetric cryptography.
Current IMSI receivers exploit these vulnerabilities to degrade the AKA to a
primary state, allowing the attacker to intercept the traffic metadata of a
mobile device to track its location.
3GPP developed a new version of AKA
specifically for the 5G (5G-aka) protocol to be able to bypass a IMSI receptor,
but the vulnerability allowed attackers to develop a new version of receptors
capable of intercepting the 5G signal.
The vulnerability reveals details about a
user’s mobile activity, such as the number of calls and text messages sent and
received, which far exceeds the performance of older IMSI computers.
It is also worth mentioning that in 2018, David
Vignault, a specialist in network security based in Canada, said he was
concerned about the possibility of data theft that would generate the
implementation of 5G technology, as organizations that protect confidential
information (even military secrets) could be affected.
“Espionage activities in strategic areas
sponsored by government agencies have increased,” Vignault mentioned. “Sensitive
sectors, such as research in artificial intelligence, drugs and military
technology, could be severely affected by this kind of security flaws in mobile
communication protocols”.
