Security weaknesses in 5G, 4G and 3G could expose users’ locations
Fifth generation (5G) wireless test networks are barely in the ground and already researchers say they’ve uncovered new weaknesses in the protocol meant to secure it.
5G security is built around 5G AKA (Authentication and Key Agreement), an enhanced version of the AKA protocol already used by 3G and 4G networks.
A big issue this was supposed to address was the ease with which surveillance of 3G and 4G devices can be carried out using fake base stations known as IMSI catchers (International Mobile Subscriber Identity-catcher, sometimes called ‘StingRays’).
Disappointingly, according to a research paper, New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols, made public late last year, 5G AKA might not solve this thanks to deeper issues with the AKA protocol on which it is based.
As the name suggests, IMSI catchers work by tricking devices into connecting to them instead of the real base station, exploiting the fact that under GSM (the Global System for Mobile Communication mobile phone standard), devices prioritise closer and stronger signals.
Luring a smartphone to connect to a fake base gives attackers the power to identify the device’s owner, track their physical location, and potentially execute a downgrade attack by asking it to remove security such as encryption.