Hackers of India

New Adventures in Spying 3G and 4G Users: Locate, Track & Monitor

By Ravishankar Borgaonkar, Altaf Shaik, Shinjo Park, Lucca Hirschi, Andrew Martin, Jean Pierre Seifert on 26 Jul 2017 @ Blackhat



Abstract

The 3G and 4G devices deployed worldwide are vulnerable to IMSI catchers (aka Stingray devices). The next generation 5G network may address the user privacy issues related to these IMSI catcher attack techniques. However, in this talk we introduce new attack vectors that enable tracking and activity monitoring of mobile users.

In particular, we uncover a new flaw in the cryptographic protocol widely deployed in 3G and 4G cellular networks. We discuss different methods to exploit this flaw using a low-cost setup. Further, we present several attacks to demonstrate their impact on end-users carrying 3G and 4G devices. Lastly, we discuss countermeasures to address these privacy issues.

AI Generated Summary (may contain errors)


The speaker discusses a security vulnerability in mobile networks, particularly involving SIM cards. They explain that vendors like Ericsson and Nokia ship default values for the policy management, so operators are often unaware of what is happening behind the scenes. The problem lies in the SIM cards themselves, which answer authentication tokens without any rate limiting, allowing anyone to replay them continuously. The attack is hard to detect because it appears as a legitimate message from a country like the UK.

The speaker suggests that protection is needed, and they have informed 3GPP (a standards organization) about this standardization flaw. They are considering creating guidelines for sequence number values. The attack is similar to SS7 attacks but harder to detect.

The speaker also mentions that end-users can't do much to prevent tracking as long as they use SIM cards. However, using Wi-Fi instead of 3G or 4G networks can provide some protection. They express hope that the problem will be fixed in the 5G protocol design, but as a protocol designer they are aware that even with public key encryption mechanisms, tracking may still be possible.

The speaker concludes by highlighting the need for mobile operators to evaluate their SQN (sequence number) acceptance policy and rate limit protections. They also mention that the 5G protocol is still being designed and hopefully will address these requirements.
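As an added example that is not part of the talk or its materials, the following Python toy model shows the AKA authentication and resynchronisation mechanism the summary refers to: a SIM answers every challenge it is handed, and when it sees a stale sequence number it returns a resync token derived from its own SQN. Replaying a single captured challenge therefore lets a low-cost setup tell the target SIM apart from every other SIM (locate) and observe whether the target's SQN has moved between two probes (monitor). The Milenage functions are replaced by HMAC-SHA256 stand-ins, the message layouts are my assumption modelled on the shape of 3GPP TS 33.102, and the names HomeNetwork, USIM, locate, sqn_xor and demo are mine.

```python
"""Toy 3G/4G AKA model: a replayed challenge as a subscriber probe.

Illustrative only: HMAC-SHA256 truncations stand in for the Milenage f1..f5*
functions; message layouts follow the shape of 3GPP TS 33.102 (assumed)."""
import hashlib
import hmac
import os

SQN_LEN = 6
AMF = b"\x80\x00"          # AMF carried in AUTN
AMF_RESYNC = b"\x00\x00"   # AMF* used when computing MAC-S for the resync token
SQN_WINDOW = 2 ** 28       # stand-in for the operator's SQN acceptance policy (delta)


def _kdf(k, tag, data, n):
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]


def f1(k, rand, sqn, amf):  return _kdf(k, b"f1", rand + sqn + amf, 8)    # MAC-A
def f1s(k, rand, sqn, amf): return _kdf(k, b"f1*", rand + sqn + amf, 8)   # MAC-S
def f2(k, rand):            return _kdf(k, b"f2", rand, 8)                # RES
def f5(k, rand):            return _kdf(k, b"f5", rand, SQN_LEN)          # AK
def f5s(k, rand):           return _kdf(k, b"f5*", rand, SQN_LEN)         # AK*


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class HomeNetwork:
    """Holds K and SQN_HE and issues (RAND, AUTN) challenges."""

    def __init__(self, k):
        self.k, self.sqn_he = k, 1

    def challenge(self):
        rand = os.urandom(16)
        sqn = self.sqn_he.to_bytes(SQN_LEN, "big")
        self.sqn_he += 1
        autn = xor(sqn, f5(self.k, rand)) + AMF + f1(self.k, rand, sqn, AMF)
        return rand, autn


class USIM:
    """Holds K and SQN_MS and answers every challenge it is given: no rate limit."""

    def __init__(self, k):
        self.k, self.sqn_ms = k, 0

    def authenticate(self, rand, autn):
        sqn = xor(autn[:SQN_LEN], f5(self.k, rand))
        amf, mac = autn[SQN_LEN:SQN_LEN + 2], autn[SQN_LEN + 2:]
        if not hmac.compare_digest(mac, f1(self.k, rand, sqn, amf)):
            return "MAC_FAILURE", None                 # challenge was not made for this K
        n = int.from_bytes(sqn, "big")
        if not self.sqn_ms < n <= self.sqn_ms + SQN_WINDOW:
            # Stale or out-of-window SQN: resync token AUTS = (SQN_MS xor AK*) || MAC-S
            sqn_ms = self.sqn_ms.to_bytes(SQN_LEN, "big")
            auts = xor(sqn_ms, f5s(self.k, rand)) + f1s(self.k, rand, sqn_ms, AMF_RESYNC)
            return "SYNC_FAILURE", auts
        self.sqn_ms = n
        return "SUCCESS", f2(self.k, rand)


def run_session(net, sim):
    """One legitimate authentication; advances SQN_HE and SQN_MS together."""
    return sim.authenticate(*net.challenge())[0] == "SUCCESS"


def locate(rand, autn, sims):
    """Replay one captured (RAND, AUTN) to every SIM in range. Only the SIM the
    challenge was issued for passes the MAC check, so only it answers SYNC_FAILURE;
    every other SIM answers MAC_FAILURE. Returns the indices of SIMs that matched."""
    return [i for i, s in enumerate(sims) if s.authenticate(rand, autn)[0] == "SYNC_FAILURE"]


def sqn_xor(auts_a, auts_b):
    """AK* depends only on (K, RAND), so for two resync tokens produced by the same
    replayed RAND it cancels: the result is SQN_MS(t1) xor SQN_MS(t2). Zero means
    the subscriber did not authenticate between the probes; non-zero means it did."""
    return int.from_bytes(xor(auts_a[:SQN_LEN], auts_b[:SQN_LEN]), "big")


def demo():
    k_target, k_other = bytes(range(16)), bytes(range(16, 32))   # constructed test keys
    net, target = HomeNetwork(k_target), USIM(k_target)
    run_session(net, target)                       # target attaches; SQN_MS = 1
    rand, autn = net.challenge()                   # attacker sniffs the next challenge ...
    target.authenticate(rand, autn)                # ... which the target consumes; SQN_MS = 2
    crowd = [USIM(k_other), target, USIM(k_other)]
    located = locate(rand, autn, crowd)            # only index 1 answers SYNC_FAILURE
    _, auts1 = target.authenticate(rand, autn)     # probe 1
    _, auts2 = target.authenticate(rand, autn)     # probe 2, no activity in between
    for _ in range(3):
        run_session(net, target)                   # three real sessions: SQN_MS 2 -> 5
    _, auts3 = target.authenticate(rand, autn)     # probe 3
    return {"located": located, "quiet": sqn_xor(auts1, auts2),
            "active": sqn_xor(auts1, auts3), "sqn_ms": target.sqn_ms}


if __name__ == "__main__":
    print(demo())
```

The two defences the summary names map directly onto this model: SQN_WINDOW is the operator-side acceptance policy, and a USIM that refused to answer the same (RAND, AUTN) more than once, or throttled repeated challenges, would break both the locate and the monitor probe. Note that the XOR of two leaked SQN values tells the attacker which counter bits changed, not the exact number of sessions; that is already enough to distinguish an idle subscriber from an active one.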