Researchers have discovered 3G security flaws that allows your devices to be tracked. Proposed fixes will need to be deployed by cellular operators.
According to a report on SC Magazine, a research led by chief researchers at the University of Birmingham in collaboration with the Technical University of Berlin has discovered new privacy threats that allow every device operating on 3G networks to be tracked. 3GPP, the 3G global industry watchdog, was reportedly informed about the flaws six months ago and is investigating the research. The research team will detail the flaws at the ACM Conference on Computer and Communications Security event this month.
The security flaws affects the latest 3G networks which have already been secured by discarding GSM interoperable networks that were long known to be vulnerable. The new found vulnerabilities could be exploited with the use of readily available consumer technology.
Using an off-the-shelf and a rooted, or modified, femtocell unit which broadcasted a 3G signal, the attacks were made by intercepting, altering and injecting 3G Layer-3 messages into communication between the base station and mobile phones. Researchers told SC that the attacks would work against any provider that adhered to the 3G standard.
Of the two attacks conducted, one attack forced mobile devices to reveal the static identity, the International Mobile Subscriber Identity (IMSI), in response to the Temporary Mobile Subscriber Identity (TMSI). By revealing the IMSI and TMSI correlation, the attacker can reveal the presence of devices in the monitored area.
In the second attack, involving the Authentication and Key Agreement (AKA) protocol attack, the same authentication request would be sent to all phones in range causing all but the targeted device to respond with synchronisation failures. According to the research, ?The captured authentication request can now be replayed by the adversary each time he wants to check the presence of?[a device] in a particular area. In fact, thanks to the error messages, the adversary can distinguish any mobile station from the one the authentication request was originally sent to.?
The researchers also wrote, ?If devices with wider area coverage than a femtocell are used, the adversary should use triangulation to obtain finer position data.?
The research proposed fixes for the flaws which uses public-key cryptography and needs to be deployed by cellular operators within their networks. According to the report, the fixes would not be expensive. ?The solutions we propose show that privacy friendly measures could be adopted by the next generation of mobile telephony standards while keeping low the computational and economical cost of implementing them.?
Source: SC Magazine, Flaws allow 3G devices to be tracked
Image Credits: Colin Peebles, News.com.au
Source: http://e27.sg/2012/10/10/newly-discovered-3g-flaws-allows-your-device-to-be-tracked/
paterno newt gingrich joe pa joe pa joe paterno dead marist south carolina primary results
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.