A new, serious cryptographic vulnerability has been discovered in modern high-speed cell networks. The flaw, revealed at the Black Hat conference in Las Vegas, could allow affordable phone surveillance and location tracking. 3G and 4G devices deployed worldwide are vulnerable to IMSI catchers, also known as Stingray devices, the researchers explain.
The findings describe a cryptographic flaw in the protocol that 3G and 4G LTE networks use to let devices connect with the operator. The research was co-authored by Ravishankar Borgaonkar and Lucca Hirschi.
Cryptographic Flaw in 3G and 4G Networks
The vulnerability is based on a weakness in the authentication and key agreement protocol that lets the device communicate safely with the network. The agreement protocol relies on a counter kept in the operator's systems to verify the device and to counter replay attacks.
However, the two researchers discovered that the counter isn't adequately protected and leaks. The flaw could enable an attacker to spy on the user's behavior and establish a pattern (when calls are being made, when text messages are sent, etc.). In addition, an attacker could also track the physical location of the phone. What the flaw doesn't do is allow call or text message interception.
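To make the counter mechanism concrete, here is an added, simplified model of the 3G/4G authentication and key agreement (AKA) exchange; it is illustration code written for this article, not the researchers' code or a 3GPP implementation. The operator keeps the authoritative sequence number, sends it to the SIM concealed under an anonymity key and protected by a MAC, and the SIM rejects any challenge whose counter is not fresh. HMAC-SHA256 stands in for the operator's f1/f2/f5 functions, the field widths follow 3GPP TS 33.102, and the key, the class names and the "MAC failure"/"Sync failure" status strings are assumptions of this example. The model deliberately stops at the rejection; the resynchronisation reply that real AKA sends at that point is where the researchers found the counter leak.

```python
"""Simplified model of 3G/4G AKA (Authentication and Key Agreement).

Constructed for illustration: HMAC-SHA256 stands in for the operator's
f1-f5 functions (e.g. MILENAGE); field widths follow 3GPP TS 33.102
(SQN 48 bits, AK 48 bits, MAC 64 bits), everything else is a toy.
"""
import hashlib
import hmac
import os


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def f(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """Stand-in for the AKA functions f1 (MAC), f2 (RES) and f5 (AK)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:length]


class HomeNetwork:
    """Operator side: holds the subscriber key K and the authoritative counter SQN."""

    def __init__(self, k: bytes):
        self.k = k
        self.sqn = 0

    def challenge(self):
        """Build one authentication vector (RAND, AUTN, XRES); SQN advances per vector."""
        self.sqn += 1
        sqn = self.sqn.to_bytes(6, "big")
        rand = os.urandom(16)
        ak = f(self.k, b"f5", rand, 6)
        mac = f(self.k, b"f1", rand + sqn, 8)
        xres = f(self.k, b"f2", rand, 8)
        autn = xor(sqn, ak) + mac  # SQN concealed by AK, authenticated by MAC
        return rand, autn, xres

    @staticmethod
    def verify(res: bytes, xres: bytes) -> bool:
        return hmac.compare_digest(res, xres)


class Usim:
    """Subscriber side: same K, plus the highest SQN accepted so far."""

    def __init__(self, k: bytes):
        self.k = k
        self.sqn_ms = 0

    def respond(self, rand: bytes, autn: bytes):
        conc, mac = autn[:6], autn[6:]
        ak = f(self.k, b"f5", rand, 6)
        sqn = xor(conc, ak)
        if not hmac.compare_digest(mac, f(self.k, b"f1", rand + sqn, 8)):
            return "MAC failure", None  # not from a network that knows K
        if int.from_bytes(sqn, "big") <= self.sqn_ms:
            # Replayed or stale challenge. Real AKA answers here with a
            # resynchronisation message; that reply is where the counter leaks.
            return "Sync failure", None
        self.sqn_ms = int.from_bytes(sqn, "big")
        return "OK", f(self.k, b"f2", rand, 8)


def run_exchange(network, usim, rand=None, autn=None, xres=None):
    """One round; pass a previously captured (rand, autn, xres) to model a replay."""
    if rand is None:
        rand, autn, xres = network.challenge()
    status, res = usim.respond(rand, autn)
    accepted = status == "OK" and network.verify(res, xres)
    return status, accepted, (rand, autn, xres)


def demo():
    """Fresh challenge accepted; replayed challenge and wrong-key challenge rejected."""
    k = os.urandom(16)  # constructed subscriber key
    net, sim = HomeNetwork(k), Usim(k)
    s1, ok1, captured = run_exchange(net, sim)
    s2, ok2, _ = run_exchange(net, sim, *captured)
    s3, ok3, _ = run_exchange(HomeNetwork(os.urandom(16)), sim)
    return [(s1, ok1), (s2, ok2), (s3, ok3)]


if __name__ == "__main__":
    for status, accepted in demo():
        print(f"{status:12s} accepted={accepted}")
```

Running `demo()` shows the three outcomes the protocol is designed to produce: a fresh challenge is accepted, the same challenge presented a second time fails the counter check, and a challenge built without the subscriber key fails the MAC check before the counter is even examined. The security of the scheme rests on the counter value never being observable outside these two parties, which is exactly the property the researchers found to be broken.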
The Rise of the Next-Generation Stingray Devices?
What security researchers and privacy experts fear most is that such a vulnerability could open the door to a next generation of stingray devices, which are highly controversial surveillance tools. Even though the use of such devices is mostly kept secret, it's a known fact that police and law enforcement use them, sometimes without a warrant, to perform surveillance on cell phones. In short, stingray devices trick cell phones into downgrading to the weaker, outdated 2G standard so that it's easier to track people and intercept their communications.
In a conversation with ZDNet, the researchers said that they wouldn’t be surprised to witness criminal stalking and harassment “to more mundane monitoring of spouse or employee movements, as well as profiling for commercial and advertisement purposes”.
The overall cost of the hardware is somewhere around $1,500 and could be appealing to hackers as well as police and law enforcement.
The worst part is that the discovered vulnerability affects all operators worldwide, because it stems from a weakness in the 3G and 4G standards themselves. Most modern devices are also susceptible to the exploit.
Lastly, not much can be done to secure against such attacks. 3GPP, the consortium of telecoms standards organizations that developed the vulnerable protocol, is now aware of the issue. Hopefully, the flaw will be addressed in the future 5G standards.