A combined team of researchers from the University of Iowa and Purdue University has found nearly a dozen security breaches in the 5G protocol. They have found vulnerabilities that leave users at risk of being tracked, along with several other issues. All of the vulnerabilities they found could be exploited by anyone with a basic knowledge of either 4G or 5G networks—and that it could be done with low-cost software.
The work by the researchers involved building the software tool 5GReasoner, which they used to test the new protocol, finding 11 vulnerabilities. Using 5GReasoner, the researchers set up a radio base station that could be used to attack phones in the nearby vicinity. They report that they were able to obtain network IDs for local phones, which in turn allowed them to discover paging occasions—and that allowed them to see the current location of a phone, which could be used to track the person using it. They were also able to broadcast phony emergency alerts to phones in a given area, and in some cases, were able to track phone activity. They could run denial-of-service systems to prevent phones from accessing their designated networks—a scheme that could result in downgraded service, or worse, no service at all. The researchers note that some of the vulnerabilities could be used for surveillance attack by hackers or law enforcement personnel.
The researchers have written a paper describing both their findings and uploaded it to the Documentcloud server. They have also reported their findings to the GSM Association (GMSA), which is responsible for approving international phone protocols. In response, the GMSA released a note describing the vulnerabilities as nil, or of low impact with no mention if the vulnerabilities would be fixed.
https://techxplore.com/news/2019-11-problems-5g-protocol.html
The work by the researchers involved building the software tool 5GReasoner, which they used to test the new protocol, finding 11 vulnerabilities. Using 5GReasoner, the researchers set up a radio base station that could be used to attack phones in the nearby vicinity. They report that they were able to obtain network IDs for local phones, which in turn allowed them to discover paging occasions—and that allowed them to see the current location of a phone, which could be used to track the person using it. They were also able to broadcast phony emergency alerts to phones in a given area, and in some cases, were able to track phone activity. They could run denial-of-service systems to prevent phones from accessing their designated networks—a scheme that could result in downgraded service, or worse, no service at all. The researchers note that some of the vulnerabilities could be used for surveillance attack by hackers or law enforcement personnel.
The researchers have written a paper describing both their findings and uploaded it to the Documentcloud server. They have also reported their findings to the GSM Association (GMSA), which is responsible for approving international phone protocols. In response, the GMSA released a note describing the vulnerabilities as nil, or of low impact with no mention if the vulnerabilities would be fixed.
https://techxplore.com/news/2019-11-problems-5g-protocol.html
No comments :
Post a Comment