Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Security Flaw Impacts 5G, 4G, and 3G Telephony Protocols (zdnet.com)

Posted by msmash on from the security-woes dept.

A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards. From a report: Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols. This new vulnerability has been detailed in a research paper named "New Privacy Threat on 3G, 4G, and Upcoming5G AKA Protocols," published last year.

According to researchers, the vulnerability impacts AKA, which stands for Authentication and Key Agreement, a protocol that provides authentication between a user's phone and the cellular networks. The AKA protocol works by negotiating and establishing keys for encrypting the communications between a phone and the cellular network.

9 of 23 comments (clear)

  1. No problem by 110010001000 · · Score: 3, Funny

    I only use the AMPS network. I knew this "3G" stuff looked bad.

  2. Re:Apple is vindicated by viperidaenz · · Score: 2

    Apple are waiting on 5G because they've burnt their bridges with the biggest 5G modem supplier.
    They need to wait for Intel to catch up.

  3. Re:Flawed by design? by AHuxley · · Score: 1

    The GCHQ was never going to let Ireland have secure and encrypted communications.
    Location, plain text and voice prints from any new network that was going to be designed for use in Ireland/UK.
    The NSA and GCHQ was never going to let any emerging communications network be secure and encrypted globally.
    Police and security forces around the world like total control over their own nations smart phone networks before they are installed and used.
    Every network is and was open to advanced real time police and mil collection.

    --
    Domestic spying is now "Benign Information Gathering"
  4. Re:Apple is vindicated by TheGratefulNet · · Score: 1

    intel?

    oh, what I wish I could say about intel and their modems.

    how I WISH I could say stuff.

    but I can't.

    --

    --
    "It is now safe to switch off your computer."
  5. Re:Flawed by design? by TheGratefulNet · · Score: 1

    you are right.

    any phone that is accepted by a local government is unsafe to use, if you NEED privacy and trust.

    build your own layers on top, but assume all transports are compromised. they are. baked thru in silicon.

    phones are crap and 'they' like it that way.

    --

    --
    "It is now safe to switch off your computer."
  6. Lesson by Kernel+Kurtz · · Score: 1

    Encryption you have no interaction with and no control over is not secure.

    Carry on.

  7. Re:Flawed by design? by AHuxley · · Score: 1

    The networks has just enough junk crypto to stop low tech eavesdropping and very easy service cloning.

    --
    Domestic spying is now "Benign Information Gathering"
  8. Typo by astrofurter · · Score: 1

    There is another typo in this headline. It should read:

    "Old Anti-Security Feature Impacts 5G, 4G, and 3G Telephony Protocols"

  9. Re:Flawed by design? by Slayer · · Score: 1

    There are a gazillion hacks out there to reroute or sniff telephone data traffic, but pretty much nothing for messing with the billing. For whatever reason, phone companies got the latter designed and implemented very well. Makes one wonder ...