An attacker could intercept communication metadata to locate of a mobile phone
Network security and ethical hacking specialists reported the discovery of vulnerability in the 5G communication protocol, which will be implemented soon. Apparently this vulnerability is more severe than the previously ones discovered, as it affects the 3G and 4G protocols in addition to the upcoming 5G.
According to experts from the International Institute of Cyber Security, the flaw allows the monitoring of communications through the use of IMSI receivers (International Mobile Subscriber Identity Interception) of last generation functional in all telephone protocols.
Third Generation Partnership Project (3GPP), entity responsible for the standardization of mobile communications worldwide, designed and ordered the implementation of the Authentication and Key Agreement (AKA) protocol to protect mobile phone users, however, multiple attacks against this protocol have been successfully performed; some of these flaws have been corrected or mitigated in the AKA enhanced protocol for 5G.
The vulnerability recently discovered by network security specialists affects the AKA protocol, which is a mechanism based on the challenge/response process that uses symmetric cryptography. Current IMSI receivers exploit these vulnerabilities to degrade the AKA to a primary state, allowing the attacker to intercept the traffic metadata of a mobile device to track its location.
3GPP developed a new version of AKA specifically for the 5G (5G-aka) protocol to be able to bypass a IMSI receptor, but the vulnerability allowed attackers to develop a new version of receptors capable of intercepting the 5G signal.
The vulnerability reveals details about a user’s mobile activity, such as the number of calls and text messages sent and received, which far exceeds the performance of older IMSI computers.
It is also worth mentioning that in 2018, David Vignault, a specialist in network security based in Canada, said he was concerned about the possibility of data theft that would generate the implementation of 5G technology, as organizations that protect confidential information (even military secrets) could be affected.
“Espionage activities in strategic areas sponsored by government agencies have increased,” Vignault mentioned. “Sensitive sectors, such as research in artificial intelligence, drugs and military technology, could be severely affected by this kind of security flaws in mobile communication protocols”.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.