Why You Should Think Twice Before Getting a 5G Connection
The world is waiting eagerly for the rollout of 5G technology at the end of this year. The fifth-generation of wireless network connectivity is supposed to revolutionize data transmission and the Internet of Things (IoT); open doors for tech innovations like self-driving cars and virtual reality; and also introduce a new level of security.
In December, Gartner said that 5G may be used as a network backbone for private enterprise broadband upgrades. Sixty-six percent of organizations have plans to deploy 5G by 2020, and they are expected to use the technology mainly for IoT communications and video, the research company said in a report.
But there’s a small hitch.
A group of researchers has revealed the 5G technology has a vulnerability that allows for spying of data over airwaves. The research team from the Technical University of Berlin, ETH Zurich and SINTEF Digital Norway says the vulnerability affects authentication and key agreement (AKA), which ensures your phone securely communicates with cellular networks.
The growth of mobile use
There are around five billion mobile subscribers, who have Universal Subscriber Identity Module cards (USIM), and are accessing cellular network services like the Net and calls, using 3G or 4G technologies. With growing importance of cellular network services in daily activities, there is a crucial need to provide security and privacy protection to mobile subscribers.
In the paper, “New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols”, the researchers write the 3rd Generation Partnership Project (3GPP) responsible for the worldwide standardization of mobile communication has designed and mandated the use of the AKA protocol to protect the subscribers’ mobile services. Even though privacy was a requirement, numerous subscriber location attacks have been demonstrated against AKA, some of which have been fixed or mitigated in the enhanced AKA protocol designed for 5G, they note.
Tricks they play
Government agencies use International Mobile Subscriber Identity (IMSI) catchers, also known as “stingrays”, to don the role of cell towers and spy on phones with older connections, allowing spies to gather important information like location and details on phone calls. It became difficult for IMSI catchers to tap into vital data, as networks turned more advanced. Still, many are capable of spying.
It was believed that 5G’s AKA would provide protection against IMSI catchers, but the researchers found that the vulnerability could trick the authentication protocol into giving up sensitive information.
In the paper, the researchers say they tested this on an existing 4G network, but the attacks could apply to 5G networks once they’re available. “… clever and sophisticated attackers may find new ways to use every obtainable information to carry out further AKA protocol related attacks in 5G networks,” they say, adding, “Our research reveals weaknesses in the AKA protocol specification which is implemented in every USIM installed in 3G and 4G devices worldwide. We reported our findings to relevant standardization bodies 3GPP and GSMA, and affected network operators. Our results were acknowledged by the involved parties…. Hence, it is important to protect sequence numbers used in authentication procedure messages.”
Since the release of the new technology is still 11 months away, there’s still time to fix this flaw.