Boffins uncover 5G flaws that could enable real-time location tracking

SECURITY FLAWS IN 5G could let cyber creeps stalk your real-time location, according to security boffins from Purdue University and the University of Iowa.

They found that some 11 flaws exist in the 5G protocol that could enable hackers to spoof emergency alerts or secretly disconnect a phone from a network, as well as track users' real-time locations.

And there's a kicker, as some of the flaws could also be exploited on existing 4G networks. 

The vulnerabilities take a bit of wrangling to exploit. For example, an attacker would need to create a malicious radio base station to carry out attacks. And the researchers built a tool called 5GReasoner to find and exploit the vulnerabilities.

To track real-time location, the researchers had to obtain the new and old temporary network identifiers of a target's phone in order to discover the location paging occasion and thus extrapolate a person's real-time location.

So exploiting them might be a bit out of the reach of your garden variety hacker. Though the researchers noted that anyone with a practical knowledge of 4G and 5G networks, as well as access to a low cost software-defined radio, could potentially exploit the flaws. Best keep an eye on any telecoms engineer mates you have with a dodgy look on their mugs.

Regardless of how easy they may be to exploit, the potential for cyber deviants to able to stalk someone or send out fake emergency alerts - think of the kind that had Hawaiians spooked that they were under imminent ballistic missile attack last year - is rather concerning.

The clever folks notified telecom network worldwide trade body GSM Association of new vulnerabilities they found. But the GSMA judged the threat of such vulnerabilities to be "null or low-impact", and its given no indication of if and when the flaws will be fixed.

Maybe Apple's move to wait until at least 2020 before coming up with a 5G iPhone seems sensible, given it doesn't seem as secure as it was once made out to be. µ

Further reading

• Cellular

China is rolling out one of the world's biggest 5G networks

• 01 Nov 2019

• Friction

Huawei will be allowed in 'non-contentious' parts of Blighty's 5G network

• 28 Oct 2019

• Chips

Samsung's Exynos 980 SoC comes with 5G baked-in

• 04 Sep 2019

• Friction

Huawei is in 'early talks' to licence its 5G kit to US telcos

• 21 Oct 2019

• Tweet  
• Facebook  
•  
•  
• Send to  

• Topics
• Security
• 5G
• Boffin Watch
• location tracking
• Hacking