Fifth-generation mobile networks are designed to provide not only faster data transmission with lower latency but also enhanced security. However, researchers have found vulnerabilities that allow attackers to monitor devices and even listen to calls.
At the Black Hat computer security conference in Las Vegas, a group of researchers from the Norwegian analytical firm SINTEF Digital promises to publish the results of its search for vulnerabilities in the security of fifth-generation networks. Fixing them will protect users from so-called IMSI-traps (IMSI is the international identification number of the mobile subscriber, assigned to each cell phone). Such devices, which cost up to $10, are disguised as cell towers in order to obtain the IMSI or other mobile device identifiers and use them to track a device's location or listen to calls.
"One of the advantages of 5G is that this technology has been developed to solve problems with fake base stations. The idea is that in 5G the theft of identity numbers such as IMSI and IMEI will no longer allow the identification and tracking of users. But we found that in reality 5G does not provide full protection against such fake towers," says Ravishankar Borgaonkar, a researcher from the Norwegian technical analysis company SINTEF Digital.
One of the major improvements in 5G networks intended to prevent surveillance is a new data encryption scheme, so that the data is not stored in an easy-to-read text format. However, the researchers found enough vulnerabilities to allow attackers to use IMSI-traps for espionage.
When a device "registers" with the base station to establish a connection, it transmits certain identifying information about itself. As with the current 4G standard, fifth-generation networks do not encrypt this data. The researchers found that this information can be obtained using a fake tower and then used to identify and track gadgets nearby. By obtaining this unencrypted data, attackers can determine the type of electronics (smartphone, tablet, car, vending machine), the manufacturer, the components used, the specific model, the operating system version, and so on. Knowing the victim's device, hackers can easily pick it out among hundreds of others.
Having detected the victim's gadget, attackers can block the device from entering power-saving mode, which is usually triggered by a network message. Once the device has established a stable connection, it constantly requests a message from its network stating that it can stop scanning to connect to a cellular network, a process that takes a lot of time and energy. Hackers are able to block these messages and thus discharge the battery five times faster than if the device were in power-saving mode. For example, the sensors of a security system can easily be drained in this way.
The researchers have already reported the vulnerabilities to the GSMA organization, which promised to make appropriate corrections to the 5G standard.