An investigation shows that AKA protocol is still vulnerable
A communications protocol, originally intended to protect the privacy of mobile phone users, is vulnerable to fake base station attacks, as evidenced by an investigation carried out by a team of digital forensics and cybersecurity experts. Apparently all the experts needed to perform the attack were a laptop and various devices worth about $1.5k USD.
The AKA (Authentication and Key Agreement) protocol is intended to provide security between mobile phones and base stations, and had been exploited in the past using surveillance devices such as the Stingray, used by some police agencies.
In the research carried out by experts in digital forensics from countries such as Germany and Norway, the existence of “a new attack vector against any of the variants of the AKA protocol, including the version for 5G networks”, is confirmed. Moreover, experts say this is a much more invasive attack than its predecessors.
This is a serious problem because we faced with a logical vulnerability in AKA, which means that the security problem is not limited to a single implementation of the protocol, so it is inconvenient for users of last generation networks and for mobile phones that use 3G deployment.
“AKA is a challenge-response protocol based on symmetric cryptography and a sequence number (SQN) to verify the freshness of the challenges, preventing repetition attacks”, mentions the experts’ report.
Thanks to the discovery of previous vulnerabilities in cellular networks, especially the susceptibility of the smartphones to the IMCI receptors (similar to the Stingray), 3rd Generation Partnership Project (3GPP), organism in charge of the standards in mobile telephony, modified the AKA protocol in 5G generation with asymmetric encryption to protect users during the communication process.
However, this new version of AKA still uses sequence numbers (SQN), so the digital forensics investigators decided to check if the protocol was still vulnerable. During the investigation, they discovered that the lack of randomness would allow them to infringe the SQN protection mechanism.
“It has been shown that partially learning SQN produces a new class of attacks against mobile phone users; although the attacker must start with a fake base station, the attack can be extended even if the victim moves away from the attack area,” the experts mentioned. “Even when the victim uses his cell phone outside the attack area, some of their activity can be leaked to another attacker once the user enters the attack area again”.
The vulnerability occurs because an attacker can send authentication challenges to the user’s system at different times, retrieve the SQN, and exploit its values to violate the confidentiality of the SQN.
To carry out their proof of concept, the experts only required a laptop, a radio peripheral, a smart card reader, and the OpenLTE software. In total, the researchers claimed to have spent about $1.5k USD, not counting the laptop (which, according to experts, can be replaced by a Raspberry Pi, obtaining the same results).
Experts say they have already notified 3GPP, as well as giving notice to manufacturers like Ericsson, Huawei and Nokia. An update is expected to be released as soon as possible, but only for mobile phones operating with 5G technology.