The Inquirer

Boffins uncover 5G flaws that could enable real-time location tracking

Awww G

Boffins uncover 5G flaws that could enable real-time location tracking
5G isn't as secure as you might think
  • Roland Moore-Colyer
  • Roland Moore-Colyer
0 Comments

SECURITY FLAWS IN 5G could let cyber creeps stalk your real-time location, according to security boffins from Purdue University and the University of Iowa.

They found that some 11 flaws exist in the 5G protocol that could enable hackers to spoof emergency alerts or secretly disconnect a phone from a network, as well as track users' real-time locations.

And there's a kicker, as some of the flaws could also be exploited on existing 4G networks. 

The vulnerabilities take a bit of wrangling to exploit. For example, an attacker would need to create a malicious radio base station to carry out attacks. And the researchers built a tool called 5GReasoner to find and exploit the vulnerabilities.

To track real-time location, the researchers had to obtain the new and old temporary network identifiers of a target's phone in order to discover the location paging occasion and thus extrapolate a person's real-time location.

So exploiting them might be a bit out of the reach of your garden variety hacker. Though the researchers noted that anyone with a practical knowledge of 4G and 5G networks, as well as access to a low cost software-defined radio, could potentially exploit the flaws. Best keep an eye on any telecoms engineer mates you have with a dodgy look on their mugs.

Regardless of how easy they may be to exploit, the potential for cyber deviants to able to stalk someone or send out fake emergency alerts - think of the kind that had Hawaiians spooked that they were under imminent ballistic missile attack last year - is rather concerning.

The clever folks notified telecom network worldwide trade body GSM Association of new vulnerabilities they found. But the GSMA judged the threat of such vulnerabilities to be "null or low-impact", and its given no indication of if and when the flaws will be fixed.

Maybe Apple's move to wait until at least 2020 before coming up with a 5G iPhone seems sensible, given it doesn't seem as secure as it was once made out to be. µ

Further reading

INQ Latest