Researchers Find New 5G Security Flaws
Ami Rojkes Dombe
| 13/11/2019
Security researchers at Purdue University and the University of Iowa have found 11 new vulnerabilities, which they say can be used to track a victim’s real-time location, spoof emergency alerts that can trigger panic, or silently disconnect a 5G-connected phone from the network altogether. Some of the new attacks also could be exploited on existing 4G networks, the researchers added.
Using a new custom tool called 5GReasoner, the researchers carried out multiple types of attacks against a 5G-connected smartphone.
In one attack, the researchers said they were able to obtain both old and new temporary network identifiers of a victim’s phone, allowing them to discover the paging occasion, which can be used to track the phone’s location – or even hijack the paging channel to broadcast fake emergency alerts.
Another attack could be used to create a “prolonged” denial-of-service condition against a target’s phone from the cellular network.
In some cases, the flaws could be used to downgrade a cellular connection to a less-secure standard, which makes it possible for law enforcement – and capable hackers – to launch surveillance attacks against their targets using specialist “stingray” equipment.
All of the new attacks can be exploited by anyone with practical knowledge of 4G and 5G networks and a low-cost software-defined radio, said Syed Rafiul Hussain, one of the co-authors of the new paper.
[Source: TechCrunch]
Rare-earth elements between the United States of America and the People's Republic of China
The Eastern seas after Afghanistan: the UK and Australia come to the rescue of the United States in a clumsy way
The failure of the great games in Afghanistan from the 19th century to the present day
Russia, Turkey and United Arab Emirates. The intelligence services organize and investigate
Security researchers at Purdue University and the University of Iowa have found 11 new vulnerabilities, which they say can be used to track a victim’s real-time location, spoof emergency alerts that can trigger panic, or silently disconnect a 5G-connected phone from the network altogether. Some of the new attacks also could be exploited on existing 4G networks, the researchers added.
Using a new custom tool called 5GReasoner, the researchers carried out multiple types of attacks against a 5G-connected smartphone.
In one attack, the researchers said they were able to obtain both old and new temporary network identifiers of a victim’s phone, allowing them to discover the paging occasion, which can be used to track the phone’s location – or even hijack the paging channel to broadcast fake emergency alerts.
Another attack could be used to create a “prolonged” denial-of-service condition against a target’s phone from the cellular network.
In some cases, the flaws could be used to downgrade a cellular connection to a less-secure standard, which makes it possible for law enforcement – and capable hackers – to launch surveillance attacks against their targets using specialist “stingray” equipment.
All of the new attacks can be exploited by anyone with practical knowledge of 4G and 5G networks and a low-cost software-defined radio, said Syed Rafiul Hussain, one of the co-authors of the new paper.
[Source: TechCrunch]