The issues identified are related to the 5G network partitioning mechanism that allows operators to split their infrastructure into smaller blocks dedicated to specific purposes (for example, automotive, healthcare, critical infrastructure and entertainment, and so on).

The discovered vulnerabilities can be exploited in hybrid mobile networks, where 5G is mixed with older technologies. Such options will be found in the real world in the next years, when 5G technology will gradually replace the rest.

Attacks are possible due to the lack of mapping between application and transport layer identifiers, which allows potential attackers to impersonate legitimate network functions in hybrid 5G networks.

As a result, if an attacker manages to compromise the operator’s peripheral network equipment, he can abuse 5G functions to implement DoS attacks against other network segments or extract information from neighboring network segments, including subscriber data (for example, location data).

The researchers also warn that scenarios are possible when the operator’s partners, who are granted access to network segments, can abuse their privileges to attack other parts of the network.

AdaptiveMobile has already notified the 3GPP consortium (responsible for developing of the 5G standard), the GSMA and the mobile operators industry group about the problems. Experts say that protection against these attacks may require the development of some large features that may be added in Release 17.

Release 17 (or Rel-17) is the version of the 5G standard that is currently in development and should be released in mid-2022.

Let me also remind you that I wrote that Vulnerabilities in old GTP protocol could affect 4G and 5G networks.

The post Experts have discovered bugs in the 5G protocol that allow tracking location and arranging of DoS attacks appeared first on Gridinsoft Blog.

Technology is at a low start

5G and IoT

The Internet of Things (IoT) develops amazingly. Many more devices for smart houses/offices appear year-to-year, big companies like Xiaomi and Apple, creating a closed IoT ecosystem for their devices. And it is easy to create such a network at home or in a small office – the connection speed of Wi-Fi/LTE is enough to provide a sustainable operating of IoT. But when we talk about hotels, offices of large companies, or home systems with big Internet traffic consumption, mentioned ways of Internet connection are not enough. 5G solves this problem, providing the connection speed up to 10 times faster than present methods. After the 5G implementation, the Internet of Things will get an enormous popularity boost.

5G and virtual reality (VR)

Virtual reality content services are struggling to develop because of low connection speed. And we are talking about live streaming services, which require a stable and fast Internet connection. Adventure games through VR are exciting. However, they are hard to play in multiplayer mode: significant ping and unsatisfactory connection speed, crops can have fun on quarantine. Greenland VR tours through the island are trendy, but many people who tried this awesome tour noted that the lag between the command and action is considerable. The main 5G implementation effect allows users to have slightly above zero pings, so their in-game actions feel live and real.

Network of new era and cloud services

Cloud computing and cloud gaming, in particular, are two sectors that are waiting for 5G networks implementation with the same impatience as man is waiting for a taxi on a rainy day. And while such cloud gaming services as Google Stadia can operate with the current Internet speed rate, cloud computing is barely able to show the full potential with an average connection speed of about 100 Mbps. Computer manufacturers are making prognoses about a new model of personal computer usage. Just imagine: you are purchasing only the monitor, which has a 5G chip, keyboard, and mouse, then connecting to the cloud computing service and choosing the fitting computer parameters – CPU/GPU/RAM amount, as well as the operating system. Then, you can use your PC as usual, with the only difference that all computing will be performed on the server. Isn’t that amazing?

Fears and gossips around 5G

People showed a completely different reaction on 5G appearance. Someone was happy to see that such a progressive technology is available for the public, but a massive number of people seriously think that 5G can harm their health; a small group of people stated that the coronavirus pandemic is caused by 5G towers. But such people have completely forgotten about the Wi-Fi, 3G/4G, radio- and television waves, which cause no fears or disputes. 5G is as safe as any other type of radio waves¹, and even more : nowadays 5G waves have an extremely low penetrating power, so it’s very easy to “hide” from “harmful” 5G inside of any building.

The post 5G and it’s possible effect on our lives appeared first on Gridinsoft Blog.

A bug allows simulating another user’s operator’s network, which means an attacker will be able to issue paid subscriptions at the expense of other people or publish something (for example, secret documents) under the mask of other files.

“In mobile networks, mutual authentication ensures that the smartphone and the network can verify their identities. In LTE, mutual authentication is established on the control plane with a provably secure authentication and key agreement protocol. However, missing integrity protection of the user plane still allows an adversary to manipulate and redirect IP packets”, — write experts from Ruhr University.

A key element of IMP4GT attacks is software-defined radio (this is why an attacker must be close to his victim in order to carry out an attack). Such a device is capable of intercepting signals between a mobile device and a base station, and, using them, trick a smartphone into giving itself up to a base station, or, on the contrary, trick a network into pretending to be a smartphone. As soon as the communication channel is compromised, manipulation of the data packets that circulate between the device and the base station begins.

“Data packets between the mobile phone and the base station are transmitted in encrypted form, which protects data from listening. However, it is possible to modify these data packets. We don’t know what is in the data packet, but we can provoke errors by changing bits from 0 to 1 or from 1 to 0”, – say the experts.

As a result, such bugs can force the mobile device and the base station to decrypt or encrypt messages, convert information into plain text, or create a situation where an attacker can send commands without authorization.

Such teams can be used to purchase paid subscriptions or to book services (when someone else pays the bill), but they can also have more serious consequences. For example, an attacker can visit sites under another person’s account and transmit information on behalf of another person, thereby substituting other people.

The authors of the study emphasize that IMP4GT attacks are dangerous for some 5G networks. The vulnerability can be eliminated in 5G networks by introducing mandatory integrity protection at the user level, but this will require considerable expenses on the part of telecom operators (additional protection will generate large data transfer, and base stations need changes), as well as replacing existing smartphones.

Specialists will present a detailed report on the problem at the NDSS Symposium 2020 conference, which will soon be held in San Diego.

Finally, I remind you that data privacy is quite shaky thing, and so: for example, US authorities can hack iPhone, but may have difficulties with Android.

The post IMP4GT Vulnerability in LTE Threatens Almost All Modern Smartphones appeared first on Gridinsoft Blog.