Research: 5G Networks Still Vulnerable to Location Tracking, Downgrading Attacks

A group of researchers found 11 flaws, several of which would expose a device’s location and when a user calls or sends texts.

While excitement is growing about the potential capabilities of 5G networks on a global scale, researchers are finding that the next generation of connectivity could come with some major security concerns.

During the Association for Computing Machinery’s Conference on Computer and Communications Security in London this week, researchers from Purdue University and the University of Iowa presented 11 security issues in 5G protocols, WIRED reported. Those design issues could have dire consequences for users, allowing hackers to expose a person’s location, track when a user makes calls or sends a text, and downgrade a device’s service to old data networks.

To identify the problems, the researchers used a new custom tool called 5GReasoner. Their research also led them to discover five vulnerabilities that already existed with 3G and 4G networks.

"Since many security features from 4G and 3G have been adopted to 5G, there is a high chance that vulnerabilities in previous generations are likely inherited to 5G, too,” Syed Rafiul Hussain, a postdoctoral security researcher at Purdue who led the study, told WIRED. “Additionally, new features in 5G may not have undergone rigorous security evaluation yet. So we were both surprised and not so surprised by our findings."

While many proponents of 5G say that it can protect phone identifiers and therefore prevent tracking attacks, Hussain and his colleagues found that downgrade attacks can easily bring a device on to an older network to get more information about a device and the user.

In addition, the researchers found that they could get around the latest security practice of giving networks a “Temporary Mobile Subscriber Identity,” or TMSI, that is changed periodically to prevent tracking. Flaws could allow hackers to override those resets or correlate the device’s old and news TSMIs, according to WIRED.

The findings were submitted to the standards body GSMA, which said that the scenarios described by the researchers have been “judged as nil or low-impact in practice.”

“We appreciate the authors’ work to identify where the standard is written ambiguously, which may lead to clarifications in the future," the standards group said in a statement.

Still, the research points out the continued issues in the 5G security framework, which include major risks of users having their locations tracked or their devices downgraded to older networks.

"The thing I worry about most is that attackers could know the location of a user," Hussain told WIRED. "5G tried to solve this, but there are many vulnerabilities that expose location information, so fixing one is not enough."

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Security Today Launches 2023 Government Security Awards

    Security Today Launches 2023 Government Security Awards

    Security Today is proud to announce the launch of the 2023 Government Security Awards. The Govies honor outstanding government security products in a variety of categories. For this year’s awards program, participants can choose from 38 different categories to enter their product(s) into. Read Now

  • Back to the Basics

    Back to the Basics

    Security is a continuous evolution of practices and procedures. The developments in technology and advancements in threats make security difficult at times. Although security from one location may look different from another location, there is a common goal applied to security measures. The common goal is protection. Read Now

  • The Top Three Security Trends in 2023

    The Top Three Security Trends in 2023

    As security technology has become more widely used, the interest in new capabilities and increased security measures has increased. As we head into 2023, these three trends will shape the security landscape. Read Now

  • TSA Breaks Record Nationally and in Washington for Firearm Discoveries in 2022

    TSA Breaks Record Nationally and in Washington for Firearm Discoveries in 2022

    Transportation Security Administration (TSA) officers in Washington detected 164 firearms in travelers’ carry-on luggage in 2022, with the majority of the firearms discovered at Seattle-Tacoma International Airport’s (SEA) security checkpoints. Read Now

Featured Cybersecurity

New Products

  • Hanwha Techwin Wisenet XRN-6410DB4 / mXRN-3210B4

    Hanwha Techwin Wisenet XRN-6410DB4 / mXRN-3210B4

    Hanwha Techwin America, a global supplier of IP and analog video surveillance solutions, unveiled two new Wisenet X series NVRs that support the industry’s first video playback and recording of up to 8K super-high-resolution images. 3

  • Kangaroo Home Security System

    Kangaroo Home Security System

    Kangaroo is the affordable, easy-to-install home security system designed for anyone who wants an added layer of peace of mind and protection. It has several products, ranging from the fan-favorite Doorbell Camera + Chime, to the more comprehensive Front Door Security Kit with Professional Monitoring. Regardless of the level of desired security, Kangaroo’s designed to move with consumers - wherever that next chapter may be. Motion sensors, keypads and additional features can be part of the package to any Kangaroo system in place, anytime. Additionally, Kangaroo offers scalable protection plans with a variety of benefits ranging from 24/7 professional monitoring to expanded cloud storage, coverage for damage and theft. 3

  • Altronix eFlow

    Altronix eFlow™ Dual Voltage Access Control Kits

    Altronix has launched an enhanced line of eFlow™ power supply/charger kits that provide 12 and 24VDC simultaneously for locking devices and peripherals. 3