The good news is that 5G is software-based, so it can be updated. The bad news is that 5G is software-based, so it is easier to hack…:
[…] Unlike previous generations, 5G’s security architecture is designed to protect the privacy of users by concealing their identity through encryption. To achieve this, a new type of identity was developed: The Subscription Concealed Identifier (SUCI). SUCI is a partially encrypted Subscription Permanent Identifier (SUPI) aimed at protecting the identity of the user.
“SUCI is a one-time ID, which is never repeated, unlike the TMSI in 3G and GUTI in 4G. This helps protect against replay type attacks,” explains Dr Dror Fixler, CEO and co-founder of FirstPoint, an Israel-based startup developing cellular protection technology. “SUCI is generated by encrypting the MSIN (Mobile Subscriber Identification Number) of the subscriber’s IMSI (International Mobile Subscriber Identity). The process also relies on a sequence number which increases each time to prevent repetition.”
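The "partially encrypted" and "never repeated" properties described above can be checked on identifiers a network has logged. The following Python audit is an added example, not code from the quoted article. It assumes the dash-separated SUCI string form used on 5G core interfaces and that scheme id 0 is the null scheme (no concealment); the function names and all sample values are constructed for illustration.

```python
import re

# Assumed layout (string form used on 5G core interfaces, not from the page):
# suci-<SUPI type>-<MCC>-<MNC>-<routing ind>-<scheme id>-<home key id>-<scheme output>
SUCI_RE = re.compile(
    r"suci-0-(?P<mcc>\d{3})-(?P<mnc>\d{2,3})-(?P<routing>\d{1,4})-"
    r"(?P<scheme>[0-9a-fA-F])-(?P<key_id>\d{1,3})-(?P<output>[0-9a-fA-F]+)"
)

def parse_suci(text):
    """Split an IMSI-based SUCI into its clear-text fields and scheme output."""
    m = SUCI_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError("not an IMSI-based SUCI string")
    fields = m.groupdict()
    fields["scheme"] = int(fields["scheme"], 16)
    fields["output"] = fields["output"].lower()
    return fields

def audit_sucis(lines):
    """Return (line_no, issue) pairs for SUCIs that give no identity protection."""
    findings, seen = [], {}
    for no, text in enumerate(lines, start=1):
        try:
            s = parse_suci(text)
        except ValueError:
            findings.append((no, "unparseable"))
            continue
        if s["scheme"] == 0:
            # Null scheme: the output field is the MSIN itself, so MCC+MNC+output is the IMSI.
            findings.append((no, "null-scheme: MSIN sent in clear"))
            continue
        key = (s["mcc"], s["mnc"], s["output"])
        if key in seen:
            # A concealed value seen twice is linkable and may be a replay.
            findings.append((no, f"concealed value repeats line {seen[key]}"))
        else:
            seen[key] = no
    return findings

# Constructed sample values (test PLMN 001/01, filler hex instead of real ciphertext).
SAMPLE = [
    "suci-0-001-01-0-1-1-" + "a1" * 45,   # concealed, first sighting
    "suci-0-001-01-0-1-1-" + "b2" * 45,   # concealed, fresh value
    "suci-0-001-01-0-0-0-0123456789",     # null scheme
    "suci-0-001-01-0-1-1-" + "A1" * 45,   # same concealed value as line 1
    "imsi-001010123456789",               # not a SUCI at all
]

if __name__ == "__main__":
    for line_no, issue in audit_sucis(SAMPLE):
        print(line_no, issue)
```

Note that the country and network codes stay readable in every SUCI; only the MSIN portion is concealed, which is why the repeat check keys on the network codes together with the scheme output.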
Despite the definitions and standardisation efforts towards privacy protection, research reports have shown that several attacks are still possible, both despite and because of 5G’s location and identity protection features. The most prevalent are location tracking, identity hijacking, content re-routing and 2FA hijacking.
The most critical flaw found by the researchers at Purdue and Iowa universities is called Torpedo. It exploits a vulnerability in your phone’s paging system. The researchers described how attackers can use this technique to verify the location of your device.
Additionally, it allows them to send fake paging messages and launch two additional attacks: Piercer and IMSI-Cracking Attack. The former allows attackers to determine your device’s IMSI on 4G while the latter allows them to penetrate encrypted IMSI numbers in both 4G and 5G.