Stingrays (AKA IMSI catchers) are a widespread class of surveillance devices that target cellular phones by impersonating cellular towers to them (they're also called "cell-site simulators").
IMSI catchers are so easy to build and operate that they have leapt from police agencies to criminals, and foreign and corporate spies, exposing us all to potential surveillance from all quarters.
That's why it was so important that the new 5G mobile protocol be designed to foil IMSI catchers, and why the 3rd Generation Partnership Project, or 3GPP (the body standardizing 5G) updated the Authentication and Key Agreement (AKA) to resist IMSI catching techniques.
But new research from ETH Zurich and Technische Universität Berlin has revealed a critical flaw in AKA, a defect that not only allows attackers to track the number of calls and texts being sent while a user is connected to the fake tower, but also a count of calls and texts from before the device was compromised. More importantly, the attack allows for fine-grained location tracking.
It’s important to keep in mind here that, for cases of lawful intervention from law enforcement agencies, there are better ways than this attack technique to get location information, such as getting a warrant and getting the information directly from the phone companies. People working outside the legal system, such as spies and criminals, cannot get warrants and cannot typically work directly with the phone companies. Law enforcement does not need the location-finding capabilities of an IMSI catcher unless they are trying to circumvent the legal system.
The 5G Protocol May Still Be Vulnerable to IMSI Catchers
[Cooper Quintin/EFF Deeplinks]
The Internet of Dongs is Brad Haines's term for the world of internet-connected, "teledildonic" sex toys, and Haines, along with Sarah Jamie Lewis, have exhaustively documented all the ways in which internet-connected sex toys can screw you, from leaking private data to physically attacking your junk.
The NSO Group is an Israeli firm that has long marketed itself as a “cyber warfare” company, selling mobile surveillance technology to governments that include notoriously corrupt human rights abusers. One of these is Mexico, where NSO spyware played a key role in targeting teachers and journalists, and missing students. On Thursday, NSO Group announced […]
That massive Equifax data breach on September 7, 2017, shocked everyone, but a year and a half later, where the data of all those 143 million Equifax users ended up is still a mystery.
Breaking into the indie video game market may be easier than you think. It all starts with an idea, and then it’s a matter of finding the right development platform to bring it to life. No matter what that platform is, it’s a good bet that it’s covered in the 2019 Game Dev & Design […]
Learning a new language like Spanish doesn’t have to be hard. Either you can buy a ticket to a Spanish-speaking country, immerse yourself in the culture and pick it up intuitively – or you can do it from the comfort of the chair you’re in right now by logging on to Rocket Spanish. There are […]
When it comes to Valentine’s Day gestures, we encourage you to make the date your own. But we’ve got to admit, you can’t beat the classic appeal of a well-picked, perfectly arranged bouquet of roses. And whether you need them delivered at home or to a long-distance lover, the best call is Teleflora’s Valentine’s Day […]