Slashdot Mirror


New Security Flaw Impacts 5G, 4G, and 3G Telephony Protocols (zdnet.com)

A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards. From a report: Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols. This new vulnerability has been detailed in a research paper named "New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols," published last year.

According to researchers, the vulnerability impacts AKA, which stands for Authentication and Key Agreement, a protocol that provides authentication between a user's phone and the cellular networks. The AKA protocol works by negotiating and establishing keys for encrypting the communications between a phone and the cellular network.

23 comments

  1. Apple is vindicated by Anonymous Coward · · Score: 0

    They were right to wait on 5G and the haters were wrong.

    1. Re:Apple is vindicated by Anonymous Coward · · Score: 0

      and if u run android no updates 4 u!!

    2. Re: Apple is vindicated by Anonymous Coward · · Score: 0

      More like BADdroid IMO

    3. Re:Apple is vindicated by Anonymous Coward · · Score: 0

      "They were right to wait on 5G" - 5G is still affected, as are 4G and 3G. You don't read so gud, huh? This story has no specific Apple tangent either way. All modern phones use these standards and are trackable right now.

      Apple didn't wait on 5G because they foresaw security problems, that type of blathered insinuation without evidence and in defense of Apple knee-jerkingly is typically the domain of Kendall. You're replacing his illiterate bullshit with your own.
       

    4. Re:Apple is vindicated by Anonymous Coward · · Score: 0

      ya but apple has a WALLED GARDEN which blocks MUH FREEDUM to run facebook's vpn spyware! thank god android respeks muh freedums to by spied on by corporate behemoths!

    5. Re:Apple is vindicated by viperidaenz · · Score: 2

      Apple are waiting on 5G because they've burnt their bridges with the biggest 5G modem supplier.
      They need to wait for Intel to catch up.

    6. Re:Apple is vindicated by TheGratefulNet · · Score: 1

      intel?

      oh, what I wish I could say about intel and their modems.

      how I WISH I could say stuff.

      but I can't.

      --
      "It is now safe to switch off your computer."
  2. This is why China and Russia by Anonymous Coward · · Score: 0

    have all those IMSI catchers around DC.

  3. No problem by 110010001000 · · Score: 3, Funny

    I only use the AMPS network. I knew this "3G" stuff looked bad.

  4. Flawed by design? by Anonymous Coward · · Score: 0

    GSM et al have a terrible track record. They are broken, known to be broken and never get fixed, or at least not in a way that you can non-ambiguously know you are not on a downgraded (vulnerable) version of the protocol. It's not hard to figure this is the preferred way of the law enforcement and intelligence agencies (NSA), they just don't say it loud and clear. We could even argue flaws are built in from the start.

    1. Re:Flawed by design? by Anonymous Coward · · Score: 0

      Spy agencies will use what works. https://www.abc.net.au/news/2013-11-18/australia-spied-on-indonesian-president,-leaked-documents-reveal/5098860

    2. Re:Flawed by design? by AHuxley · · Score: 1

      The GCHQ was never going to let Ireland have secure and encrypted communications.
      Location, plain text and voice prints from any new network that was going to be designed for use in Ireland/UK.
      The NSA and GCHQ were never going to let any emerging communications network be secure and encrypted globally.
      Police and security forces around the world like total control over their own nations' smart phone networks before they are installed and used.
      Every network is and was open to advanced real time police and mil collection.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Flawed by design? by TheGratefulNet · · Score: 1

      you are right.

      any phone that is accepted by a local government is unsafe to use, if you NEED privacy and trust.

      build your own layers on top, but assume all transports are compromised. they are. baked thru in silicon.

      phones are crap and 'they' like it that way.

      --
      "It is now safe to switch off your computer."
    4. Re:Flawed by design? by AHuxley · · Score: 1

      The networks have just enough junk crypto to stop low tech eavesdropping and very easy service cloning.

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:Flawed by design? by Slayer · · Score: 1

      There are a gazillion hacks out there to reroute or sniff telephone data traffic, but pretty much nothing for messing with the billing. For whatever reason, phone companies got the latter designed and implemented very well. Makes one wonder ...

    6. Re:Flawed by design? by Anonymous Coward · · Score: 0

      So ARCFOUR (RC4) and 3DES? Spill the details.

  5. No problem by Anonymous Coward · · Score: 0

    My 4G equipment is old, so not affected by this new flaw.
    What idiot writes these headlines?

  6. Mind Reader! by Anonymous Coward · · Score: 0

    Back in my day we used AMPS and could listen in on 1/2 of anyone's conversation. Nobody worried, nobody cried and nobody GPS tracked your ass.

  7. Jaw dropping idiocy by Anonymous Coward · · Score: 0

    AKA has been publicly known to be flawed for at least a decade.

    The thing about cellular networks and security is they don't even try. They just invent a bunch of nonsensical bullshit and hope nobody pays much attention. It's done intentionally to keep the TLA's happy.

    1. Re:Jaw dropping idiocy by Anonymous Coward · · Score: 0

      I don't think you are giving them credit for trying to make this breachable.

  8. Lesson by Kernel+Kurtz · · Score: 1

    Encryption you have no interaction with and no control over is not secure.

    Carry on.

    1. Re:Lesson by Anonymous Coward · · Score: 0

      In my experience, selectable encryption is the first thing to go when there's a communication problem, and the last thing to get added back in (if at all). Unfortunately, encryption is hard, and most developers (or their project managers) are interested in solving a particular problem. Not adding (what they see as unnecessary) overhead and complexity.

  9. Typo by astrofurter · · Score: 1

    There is another typo in this headline. It should read:

    "Old Anti-Security Feature Impacts 5G, 4G, and 3G Telephony Protocols"