Security flaw shows 3G, 4G LTE networks are just as prone to stingray phone tracking

["Dave Farber" <dave () farber net>]

---------- Forwarded message ---------
From: Dewayne Hendricks <dewayne () warpspeed com>
Date: Fri, Jul 28, 2017 at 5:40 AM
Subject: [Dewayne-Net] Security flaw shows 3G, 4G LTE networks are just as
prone to stingray phone tracking
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>


Security flaw shows 3G, 4G LTE networks are just as prone to stingray phone
tracking
The researchers say "very little" can be done to prevent stingray-style
surveillance attacks.
By Zack Whittaker for Zero Day
Jul 26 2017
<
http://www.zdnet.com/article/stingray-security-flaw-cell-networks-phone-tracking-surveillance/
>

Security researchers have revealed a recently discovered vulnerability in
modern, high-speed cell networks, which they say can allow low-cost phone
surveillance and location tracking.

The findings, revealed Wednesday at the Black Hat conference in Las Vegas,
detail a cryptographic flaw in the protocol used in 3G and 4G LTE networks
which enables mobile devices to connect with the cell operator.

It's the latest blow to the long-held belief that modern cell standards and
protocols are largely immune from tracking and monitoring, unlike the older
2G cell protocol which uses easy-to-crack encryption.

Ravishankar Borgaonkar and Lucca Hirschi, who co-authored the research,
found a weakness in the authentication and key agreement, which lets a
phone communicate securely with the subscriber's cell network. The
agreement protocol relies on a counter that's stored on the phone
operator's systems to authenticate the device and to prevent replay
attacks, but the researchers found that the counter isn't well protected
and partially leaks. That can allow an attacker to monitor consumption
patterns, such as when calls are made and when text messages are sent, and
track the physical location of a cell phone.

But the flaw doesn't allow the interception of calls or text messages.

This flaw could pave the way for a next-generation of stingray devices,
otherwise known as cell site (or IMSI) simulators.

These highly controversial surveillance devices are shrouded in secrecy,
but are almost exclusively used by local police and law enforcement, often
without warrants, in order to carry out indiscriminate cellular
surveillance. They trick cell phones into downgrading to the weaker 2G
standard to easily intercept communications and track locations of anyone
nearby.

Borgaonkar told ZDNet that this flaw would allow attackers to build "next
generation" stingray devices.

[snip]

Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/
Twitter: https://twitter.com/wa8dzp



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170728071440:F08CEBBE-7385-11E7-9988-933FBECFFBE5
Powered by Listbox: http://www.listbox.com