Interesting People mailing list archives
Security flaw shows 3G, 4G LTE networks are just as prone to stingray phone tracking
From: "Dave Farber" <dave () farber net>
Date: Fri, 28 Jul 2017 11:14:21 +0000
---------- Forwarded message --------- From: Dewayne Hendricks <dewayne () warpspeed com> Date: Fri, Jul 28, 2017 at 5:40 AM Subject: [Dewayne-Net] Security flaw shows 3G, 4G LTE networks are just as prone to stingray phone tracking To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com> Security flaw shows 3G, 4G LTE networks are just as prone to stingray phone tracking The researchers say "very little" can be done to prevent stingray-style surveillance attacks. By Zack Whittaker for Zero Day Jul 26 2017 < http://www.zdnet.com/article/stingray-security-flaw-cell-networks-phone-tracking-surveillance/
Security researchers have revealed a recently discovered vulnerability in modern, high-speed cell networks, which they say can allow low-cost phone surveillance and location tracking. The findings, revealed Wednesday at the Black Hat conference in Las Vegas, detail a cryptographic flaw in the protocol used in 3G and 4G LTE networks which enables mobile devices to connect with the cell operator. It's the latest blow to the long-held belief that modern cell standards and protocols are largely immune from tracking and monitoring, unlike the older 2G cell protocol which uses easy-to-crack encryption. Ravishankar Borgaonkar and Lucca Hirschi, who co-authored the research, found a weakness in the authentication and key agreement, which lets a phone communicate securely with the subscriber's cell network. The agreement protocol relies on a counter that's stored on the phone operator's systems to authenticate the device and to prevent replay attacks, but the researchers found that the counter isn't well protected and partially leaks. That can allow an attacker to monitor consumption patterns, such as when calls are made and when text messages are sent, and track the physical location of a cell phone. But the flaw doesn't allow the interception of calls or text messages. This flaw could pave the way for a next-generation of stingray devices, otherwise known as cell site (or IMSI) simulators. These highly controversial surveillance devices are shrouded in secrecy, but are almost exclusively used by local police and law enforcement, often without warrants, in order to carry out indiscriminate cellular surveillance. They trick cell phones into downgrading to the weaker 2G standard to easily intercept communications and track locations of anyone nearby. Borgaonkar told ZDNet that this flaw would allow attackers to build "next generation" stingray devices. [snip] Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/ Twitter: https://twitter.com/wa8dzp ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170728071440:F08CEBBE-7385-11E7-9988-933FBECFFBE5 Powered by Listbox: http://www.listbox.com
Current thread:
- Security flaw shows 3G, 4G LTE networks are just as prone to stingray phone tracking Dave Farber (Jul 31)