Research: 5G Networks Still Vulnerable to Location Tracking, Downgrading Attacks

A group of researchers found 11 flaws, several of which would expose a device’s location and when a user calls or sends texts.

• By Haley Samsel
• Nov 13, 2019

While excitement is growing about the potential capabilities of 5G networks on a global scale, researchers are finding that the next generation of connectivity could come with some major security concerns.

During the Association for Computing Machinery’s Conference on Computer and Communications Security in London this week, researchers from Purdue University and the University of Iowa presented 11 security issues in 5G protocols, WIRED reported. Those design issues could have dire consequences for users, allowing hackers to expose a person’s location, track when a user makes calls or sends a text, and downgrade a device’s service to old data networks.

To identify the problems, the researchers used a new custom tool called 5GReasoner. Their research also led them to discover five vulnerabilities that already existed with 3G and 4G networks.

"Since many security features from 4G and 3G have been adopted to 5G, there is a high chance that vulnerabilities in previous generations are likely inherited to 5G, too,” Syed Rafiul Hussain, a postdoctoral security researcher at Purdue who led the study, told WIRED. “Additionally, new features in 5G may not have undergone rigorous security evaluation yet. So we were both surprised and not so surprised by our findings."

While many proponents of 5G say that it can protect phone identifiers and therefore prevent tracking attacks, Hussain and his colleagues found that downgrade attacks can easily bring a device on to an older network to get more information about a device and the user.

In addition, the researchers found that they could get around the latest security practice of giving networks a “Temporary Mobile Subscriber Identity,” or TMSI, that is changed periodically to prevent tracking. Flaws could allow hackers to override those resets or correlate the device’s old and news TSMIs, according to WIRED.

The findings were submitted to the standards body GSMA, which said that the scenarios described by the researchers have been “judged as nil or low-impact in practice.”

“We appreciate the authors’ work to identify where the standard is written ambiguously, which may lead to clarifications in the future," the standards group said in a statement.

Still, the research points out the continued issues in the 5G security framework, which include major risks of users having their locations tracked or their devices downgraded to older networks.

"The thing I worry about most is that attackers could know the location of a user," Hussain told WIRED. "5G tried to solve this, but there are many vulnerabilities that expose location information, so fixing one is not enough."