Researchers have found a vulnerability in the communications protocols that support 5G networks. The designers of 5G have fixed a known flaw in 3G and 4G networks but created a new set of problems to fix.
A research paper titled “New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols” examined Authentication and Key Agreement (AKA) and found it wanting. This is the protocol that authenticates a user’s phone and the cellular network by managing the keys that encrypt communications between a phone and the network.
3G and 4G networks were vulnerable to an attack using IMSI catchers which allowed attackers to capture metadata from users of cellular networks. The new 5G-AKA protocol thwarts this attack but leaves users vulnerable to a new type of attack that allows attackers to capture data like how many texts and calls they send and receive. In effect, it allows an attacker to build a profile of a mobile network user.
The researchers say this “… breaches subscriber privacy more severely than known location privacy attacks do”.
In describing the impact of the vulnerability, the researchers note that they notified a number of carriers and hardware makers including Ericsson, Nokia, and Huawei about the flaw so that it can be fixed. They were able to produce a low-cost proof of concept to demonstrate how the vulnerability could be exploited.
They also say that while 5G AKA will be vulnerable in the first deployment of 5G they are hopeful that 5G AKA could be fixed before the end of 2019.
The impact of such a flaw will depend on how it’s used. It’s unlikely most of us would be directly affected although it could be used to target ads if an unscrupulous ad sales operator decided to use it. For example, they could employ an attack near shopping malls to profile mobile phone users. Or it could be used in sensitive locations such as consulates or government buildings to determine when particular workers were around.
Given 5G networks are still in their early days of deployment and handsets are still some way off mainstream adoption, it’s not likely that this attack will be a major problem now. But with local carriers announcing their 5G plans recently, that could change.