A laptop and equipment worth 1.1 thousand euros are enough to track subscribers of 3G-5G networks
A new attack exploiting a vulnerability in the AKA protocol has been presented.
A protocol specifically designed to protect smartphone owners' data is vulnerable to attacks using fake base stations. The problem affects networks from 3G to 5G, and the attack requires only a laptop and equipment worth about 1.1 thousand euros.
The protocol in question is Authentication and Key Agreement (AKA), which is designed to secure data transmission between a mobile device and a base station. A report published by the Cryptological Research Association presents a new attack on the AKA protocol, including 5G AKA, which “violates the privacy of the subscriber to an even greater extent than the known attacks to track the location.”
The attack poses a great threat because it exploits a logical vulnerability in the protocol, and therefore affects AKA as a whole, and not just some specific implementation of it.
As the researchers explained, AKA is a challenge-response protocol that relies on symmetric encryption and a sequence number (SQN) to verify the freshness of requests in order to prevent replay attacks. In response to previously discovered vulnerabilities, the 3GPP consortium improved AKA for 5G. Randomized asymmetric encryption was added to the protocol to protect the user ID (the ID is sent during a handshake before encryption).
However, the updated protocol still uses SQN values, and it is these that the researchers used in their attack. Insufficient randomization and the use of XOR allowed them to bypass the SQN protection mechanism and monitor the user (find out the number of calls made and SMS sent, track the location).
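The following added example (not code from the researchers' report or from 3GPP) illustrates why XOR concealment without fresh randomness, as described in the two paragraphs above, leaks information about a counter. It assumes HMAC-SHA256 as a stand-in for the operator's mask function, uses constructed key and SQN values, and `conceal_randomized` is a hypothetical hardened variant, not a standardized mechanism.

```python
import hashlib
import hmac
import secrets

SQN_BITS = 48                      # the AKA sequence number is a 48-bit counter
MASK = (1 << SQN_BITS) - 1


def keystream(key: bytes, rand: bytes, nonce: bytes = b"") -> int:
    """Stand-in mask function (assumption: HMAC-SHA256 truncated to 48 bits,
    not the operator algorithms used in real networks)."""
    digest = hmac.new(key, rand + nonce, hashlib.sha256).digest()
    return int.from_bytes(digest[:6], "big")


def conceal(key: bytes, rand: bytes, sqn: int) -> int:
    """Deterministic concealment: the mask depends only on key and challenge."""
    return (sqn ^ keystream(key, rand)) & MASK


def conceal_randomized(key: bytes, rand: bytes, sqn: int) -> tuple[bytes, int]:
    """Hypothetical hardened variant: a fresh device-side nonce enters the mask."""
    nonce = secrets.token_bytes(16)
    return nonce, (sqn ^ keystream(key, rand, nonce)) & MASK


def leaked_xor(c1: int, c2: int) -> int:
    """What an observer of two concealed values can compute without the key."""
    return c1 ^ c2


def demo() -> dict:
    key = secrets.token_bytes(16)            # constructed subscriber key
    rand = secrets.token_bytes(16)           # the same challenge used for both values
    sqn_before, sqn_after = 0x2A40, 0x2A47   # constructed counter values
    weak = leaked_xor(conceal(key, rand, sqn_before),
                      conceal(key, rand, sqn_after))
    _, h1 = conceal_randomized(key, rand, sqn_before)
    _, h2 = conceal_randomized(key, rand, sqn_after)
    return {"true_xor": sqn_before ^ sqn_after,
            "weak_leak": weak,
            "hardened_leak": leaked_xor(h1, h2)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14s} {value:#014x}")
```

With the deterministic mask the two masks cancel, so the observer learns the XOR of the two counter values, which reveals how far the counter advanced; with a fresh nonce in the mask the XOR is unrelated to the counters.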
According to the researchers, the attack they present is more serious than the previous ones, since other attacks using fake base stations are only effective if the victim is within the range of a fake base station.
To carry out the attack, the experts used a laptop, a universal software radio, a smart card reader and OpenLTE software. Excluding the laptop, the necessary equipment cost 1140 euros (a Raspberry Pi can be used instead of a laptop).
3GPP is a consortium that develops specifications for mobile telephony. It was created in 1998. Its main focus is the development of technical specifications and technical reports in the field of network technologies and radio access in mobile systems.