Cryptographic Flaw in 3G and 4G Networks: All Devices Exposed
NEWS

Cryptographic Flaw in 3G and 4G Networks: All Devices Exposed

A new serious cryptographic vulnerability has been discovered in modern, high-speed cell networks. The flaw, revealed during the Black Hat conference in Las Vegas, could allow affordable phone surveillance and location tracking. The 3G and 4G devices deployed worldwide are vulnerable to IMSI catcher aka Stingray devices, researchers explain.

The findings depict a cryptographic flaw in the protocol used in 3G and 4G LTE networks enabling devices to connect with the operator. The research itself was co-authored by Ravishankar Borgaonkar and Lucca Hirschi.

Related Story: The Future Is Here: Employees Getting RFID Chips Implanted

Cryptographic Flaw in 3G and 4G Networks

The vulnerability is based on a weakness in the authentication and key agreement letting the device communicate safely with the network. The agreement protocol relies on a counter kept in the device operator’s systems to verify the device and counter replay attacks.

However, the two researchers discovered that the counter isn’t guarded appropriately leading to leaks. The flaw could enable an attacker to spy on the user’s behavior and establish a pattern (when calls are being made, when text messages are sent, etc.). In addition, an attacker could also track the physical location of the phone. What the flaw doesn’t do is allow call or text message interception.

The Rise of the Next-Generation Stingray Devices?

What security researchers and privacy experts fear the most is that such vulnerability could open the door for a next-generation of stingray devices which are described as highly controversial devices for surveillance. Even though the employment of such devices is mostly kept in secret, it’s a known fact that police and law enforcement are using them, even without issued warrants, to perform surveillance on cell phones. Shortly said, stingray devices trick cell phone into downgrading to the weaker and outdated 2G standard so that it’s easier to track people and intercept their communications.

In a conversation with ZDNet, the researchers said that they wouldn’t be surprised to witness criminal stalking and harassment “to more mundane monitoring of spouse or employee movements, as well as profiling for commercial and advertisement purposes”.

Related Story: Android Users, How Much Do You Know about Ultrasonic Tracking?

The overall cost of the hardware is somewhere around $1,500 and could be appealing to hackers as well as police and law enforcement.

The worst part is that the discovered vulnerability affects all operators worldwide, because it is part of a weakness in the 3G and 4G standards. Most modern devices are also prone to the exploit.

Lastly, not much can be done to secure against such attacks. 3GPP, a consortium of telecoms standard organizations known to have developed the vulnerable protocol, are now aware of the issue. Hopefully, the flaw will be addressed in the future 5G standards.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...