11 new 5G hacks enable user device tracking and monitoring

A team of researchers working at the US’s Purdue University and the University of Iowa have disclosed 11 new vulnerabilities in the 5G mobile network protocol that could potentially be exploited by malicious actors to compromise organisational and personal security.

The research team – Elisa Bertino, Syed Rafiul Hussain and Imtiaz Karim of Purdue University, and Omar Chowdhury and Mitziu Echeverria of the University of Iowa – used a tool called 5GReasoner to uncover the vulnerabilities. They described 5GReasoner as a “framework for property-guided formal verification of control-plane protocols spanning multiple layers of the 5G protocol stack”.

The new vulnerabilities are understood to be simple to take advantage of, requiring only a working knowledge of 4G and 5G networks and a cheap software-defined radio.

They include tricks that allow an attacker to: monitor a user’s uplink and downlink data transmissions; track a user’s location; disconnect a user from the network altogether; and run down a user’s device battery by causing repeated disconnections and reconnections.

Critically for privacy advocates, one of the vulnerabilities enabled the continued use of IMSI catchers – colloquially known as Stingrays – to which 5G devices are supposed to be immune. Stingrays, which present to the unwitting user as a normal cellular tower, have been used by law enforcement agencies to conduct surveillance activity, including in the UK.

Five further vulnerabilities discovered by 5GReasoner are known to have affected the previous 4G mobile networking standard, suggesting that despite some of the much-touted improvements in network security inherent to 5G, much work remains to be done.

Bulletproof managing director Oliver Pinson-Roxburgh described the range of vulnerabilities as a “scary threat” that needed to be addressed.

“In the past, with similar vulnerabilities in software, the argument has been: should we really care if someone knows where a handset is, what is the risk?” he said. “In my opinion, this is serious threat as it allows for location tracking to potentially be used discrediting an individual based on location, track and intercept, as well as disconnect your phone at a time of need. This is especially worrying for high-profile individuals.”

Pinson-Roxburgh highlighted another concern arising from the research – that as 5G is being touted as a means to support advanced automation technology, such as fully autonomous vehicles, hackers could gain the ability to cause mass disruption, and even to kill their targets.

Although all the vulnerabilities have been reported to the GSMA as part of its coordinated vulnerability disclosure programme, Robert Ramsden-Board, EMEA vice-president of Securonix, urged mobile network operators to take ownership of the problem.

“5G providers should take the necessary steps to secure any weaknesses that could undermine 5G security and privacy protections and put users at risk,” he said. “However, like the cloud, users will have to be aware of these risks and take any necessary precautions to protect themselves.”