Stingrays (AKA IMSI catchers) are a widespread class of surveillance devices that target cellular phones by impersonating cellular towers to them (they're also called "cell-site simulators").
IMSI catchers are so easy to build and operate that they have leapt from police agencies to criminals, and foreign and corporate spies, exposing us all to potential surveillance from all quarters.
That's why it was so important that the new 5G mobile protocol be designed to foil IMSI catchers, and why the 3rd Generation Partnership Project, or 3GPP (the body standardizing 5G) updated the Authentication and Key Agreement (AKA) to resist IMSI catching techniques.
But new research from ETH Zurich and Technische Universität Berlin has revealed a critical flaw in AKA, a defect that not only allows attackers to track the number of calls and texts being sent while a user is connected to the fake tower, but also a count of calls and texts from before the device was compromised. More importantly, the attack allows for fine-grained location tracking.
It’s important to keep in mind here that, for cases of lawful intervention from law enforcement agencies, there are better ways than this attack technique to get location information, such as getting a warrant and getting the information directly from the phone companies. People working outside the legal system, such as spies and criminals, cannot get warrants and cannot typically work directly with the phone companies. Law enforcement does not need the location-finding capabilities of an IMSI catcher unless they are trying to circumvent the legal system.
The 5G Protocol May Still Be Vulnerable to IMSI Catchers
[Cooper Quintin/EFF Deeplinks]
Runa Sandvik (previously) is a legendary security researcher who spent many years as a lead on the Tor Project; in 2016, the New York Times hired her as "senior director of information security" where she was charged with protecting the information security of the Times's newsroom, sources and reporters. Yesterday, the Times fired her, eliminating […]
Japan's Henn na Hotel chain, owned by the HIS Group, uses "bed-facing Tapia robots" in its rooms; these robots turn out to be incredibly insecure: you can update them by pairing with them using a NFC sensor at the backs of their heads. The robots do not check the new code for cryptographic signatures, meaning […]
In 2017, Equifax admitted that it had doxed America by leaking the nonconsensual dossiers it builds on the nation, covering up the info while its key employees sold off their stock, and then repeatedly lying about the scope of the breach.
If you’re just jumping into app development for Apple’s devices, you’ve picked a heady time. The new iOS 13 has a ton of new features: A versatile SwiftUI language, a boosted role for Siri and a more robust Photos app, just to name a few. And if you’re making the transition from iOS 12? Get […]
Most people don’t spare a lot of thought on the potting for their plants. Perhaps something with a color that matches the walls, but that’s as far as it goes. After all, the plants don’t care what they’re wearing. Do they? Actually, they might. As eye-catching as the AIRSAI Floating Bonsai Plant Pot is, its […]
With the gains real estate has made over stocks in the past 25 years, it’s easy to see why the rich constantly use it to expand their wealth. What’s slightly less obvious is why only the rich seem to ever break into real estate investment. There are a lot of reasons, but a couple of […]