Swiss Researchers Find 5G Security Gaps


Mar 3, 2018
Swiss security researchers exposed gaps in the 5G AKA standard. Using a security protocol verification tool called Tamarin, the researchers ran the new wireless communication standard through a series of tests. Ralf Sasse, a senior scientist at ETH in Zurich, said their research "showed that the standard is insufficient to achieve all the critical security aims of the 5G AKA protocol. It is therefore possible for a poor implementation of the current standard to result in users being charged for the mobile phone usage of a third party." While the researchers say there are significant security improvements over existing 3G and 4G protocols, there are still gaps that can expose a user's location.

As Basin's team determined, data protection will be improved significantly with the new protocol in comparison with 3G and 4G technologies. In addition, 3GPP succeeded in closing a gap with the new standard that had previously been exploited by IMSI catchers. With these devices, the International Mobile Subscriber Identity (IMSI) of a mobile phone card can be read to determine the location of a mobile device. To achieve this, the device masquerades as a radio station in order not to be caught by the mobile phone. "This gap is closed with the 5G AKA. However, we have determined that the protocol permits other types of traceability attacks," explains senior scientist and co-author Lucca Hirschi. In these attacks, the mobile phone does not send the user's full identity to the tracking device, but still indicates the phone's presence in the immediate vicinity. "We assume that more sophisticated tracking devices could also be dangerous for 5G users in the future," adds Hirschi. If the new mobile communication technology is introduced with these specifications, it may lead to numerous cyber attacks. Basin's team is thus in contact with 3GPP, in order to jointly implement improvements in the 5G AKA protocol.
Better to find this stuff now, but still a little late as a lot of rollout has already been started.