Research: 5G Networks Still Vulnerable to Location Tracking, Downgrading Attacks

A group of researchers found 11 flaws, several of which would expose a device’s location and when a user calls or sends texts.

While excitement is growing about the potential capabilities of 5G networks on a global scale, researchers are finding that the next generation of connectivity could come with some major security concerns.

During the Association for Computing Machinery’s Conference on Computer and Communications Security in London this week, researchers from Purdue University and the University of Iowa presented 11 security issues in 5G protocols, WIRED reported. Those design issues could have dire consequences for users, allowing hackers to expose a person’s location, track when a user makes calls or sends a text, and downgrade a device’s service to old data networks.

To identify the problems, the researchers used a new custom tool called 5GReasoner. Their research also led them to discover five vulnerabilities that already existed with 3G and 4G networks.

"Since many security features from 4G and 3G have been adopted to 5G, there is a high chance that vulnerabilities in previous generations are likely inherited to 5G, too,” Syed Rafiul Hussain, a postdoctoral security researcher at Purdue who led the study, told WIRED. “Additionally, new features in 5G may not have undergone rigorous security evaluation yet. So we were both surprised and not so surprised by our findings."

While many proponents of 5G say that it can protect phone identifiers and therefore prevent tracking attacks, Hussain and his colleagues found that downgrade attacks can easily bring a device on to an older network to get more information about a device and the user.

In addition, the researchers found that they could get around the latest security practice of giving networks a “Temporary Mobile Subscriber Identity,” or TMSI, that is changed periodically to prevent tracking. Flaws could allow hackers to override those resets or correlate the device’s old and news TSMIs, according to WIRED.

The findings were submitted to the standards body GSMA, which said that the scenarios described by the researchers have been “judged as nil or low-impact in practice.”

“We appreciate the authors’ work to identify where the standard is written ambiguously, which may lead to clarifications in the future," the standards group said in a statement.

Still, the research points out the continued issues in the 5G security framework, which include major risks of users having their locations tracked or their devices downgraded to older networks.

"The thing I worry about most is that attackers could know the location of a user," Hussain told WIRED. "5G tried to solve this, but there are many vulnerabilities that expose location information, so fixing one is not enough."

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3