Presentation Material
Abstract
Security in the 5G network has evolved and is stronger than in previous generations. In this talk, we visit the security features of 5G radio networks and reveal new vulnerabilities affecting both operator infrastructure and end-devices (including mobiles, NB-IoT devices, laptops, etc.). We demonstrate how these new vulnerabilities in the 5G/4G security standards can be exploited using low-cost hardware and software platforms. In particular, we introduce a new automated tool to carry out practical evaluation and share data-sets with the research community. In addition, we reveal implementation issues in hundreds of 4G base stations around the world and in commercially available NB-IoT protocols that can be used to mount battery draining, hijacking and bidding down attacks. Our attacks affect devices ranging from gigabit high-speed LTE devices to NB-IoT devices.
AI Generated Summary (may contain errors)
Here is a summary of the content:
The speaker discusses security vulnerabilities in 5G networks, specifically in Narrowband Internet of Things (NB-IoT) devices. These devices are designed to operate for 10 years on a single battery, but the speaker's experiments showed that an attacker could make the battery drain up to five times faster. The problem lies in the power saving mode, which is not activated unless the network tells the device to do so. If an attacker acts as a man-in-the-middle, they can disable the power saving mode, causing the device to waste power.
The speaker reported these vulnerabilities to the GSMA and 3GPP SA3, and a fix was implemented in release 14 of the NB-IoT standard. The fix requires the network to replace the capabilities only after establishing security. However, even with this fix, fingerprinting attacks are still possible on NB-IoT devices.
The speaker also mentions that similar vulnerabilities exist in 4G and 5G networks, and that a fundamental problem lies in the way devices advertise their capabilities to the network. This can be used by passive attackers to identify devices. The speaker hopes that a fix for this issue will be implemented in the near future.
In terms of solutions, the speaker suggests that devices should send their capabilities to the network with a hash, which can be verified after establishing security. However, it is unclear if vendors are implementing this solution, and the speaker notes that both implementation and configuration problems need to be addressed.
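The mitigation described above (capabilities sent before security is established, then confirmed by a hash once integrity protection is in place) can be illustrated in a small simulation. The code below is an added example, not material from the talk or from any 3GPP specification: the capability field names, the SHA-256 canonicalisation and the two-step `Network` class are assumptions chosen to show the idea, and the man-in-the-middle modification is constructed only so that the defender-side check has something to detect. The "legacy" path shows why an unprotected capability message is trusted as-is, and the hash-verified path shows how the network notices that what it stored differs from what the device actually sent.

```python
import hashlib
import hmac
import json

# Constructed NB-IoT capability set for the simulation (hypothetical field names).
UE_CAPABILITIES = {
    "psm_supported": True,          # power saving mode (the feature the talk says an attacker disables)
    "edrx_supported": True,
    "ciphering": ["EEA2", "EEA1"],
    "integrity": ["EIA2", "EIA1"],
}


def canonical(caps: dict) -> bytes:
    """Serialise capabilities deterministically so UE and network hash identical bytes."""
    return json.dumps(caps, sort_keys=True, separators=(",", ":")).encode()


def capability_hash(caps: dict) -> bytes:
    """Hash of the capability set; SHA-256 is an assumption for this example."""
    return hashlib.sha256(canonical(caps)).digest()


def legacy_network(on_air_caps: dict) -> dict:
    """Pre-fix behaviour: whatever arrives in the unprotected message is trusted."""
    return dict(on_air_caps)


class Network:
    """Post-fix behaviour: store the unprotected capabilities, commit to them only after the hash check."""

    def __init__(self) -> None:
        self.received_caps = None   # what the radio interface delivered (untrusted)
        self.accepted_caps = None   # what the network acts on (trusted)

    def on_capability_info(self, caps: dict) -> None:
        # Step 1: unprotected message; recorded but not yet used for configuration.
        self.received_caps = dict(caps)

    def on_security_mode_complete(self, ue_hash: bytes) -> str:
        # Step 2: integrity protection is now assumed to be in place (simulated, not
        # implemented here), so the hash carried in this message cannot be altered.
        expected = capability_hash(self.received_caps)
        if hmac.compare_digest(expected, ue_hash):
            self.accepted_caps = self.received_caps
            return "accepted"
        # Mismatch: the stored capabilities are not what the device sent, so do not
        # configure the device from them; a real network would re-request them securely.
        self.accepted_caps = None
        return "mismatch"


def on_air_message(ue_caps: dict, tamper: bool) -> dict:
    """Constructed channel model: an in-path attacker may flip the PSM flag before security is up."""
    sent = dict(ue_caps)
    if tamper:
        sent["psm_supported"] = False
    return sent


def run_legacy(tamper: bool) -> dict:
    """Return the capabilities a pre-fix network ends up acting on."""
    return legacy_network(on_air_message(UE_CAPABILITIES, tamper))


def run_hash_verified(tamper: bool) -> tuple:
    """Return (verdict, accepted_caps) for the hash-confirmed exchange."""
    net = Network()
    net.on_capability_info(on_air_message(UE_CAPABILITIES, tamper))
    # The UE hashes the capabilities it really sent, not what the attacker delivered.
    verdict = net.on_security_mode_complete(capability_hash(UE_CAPABILITIES))
    return verdict, net.accepted_caps


if __name__ == "__main__":
    print("legacy, tampered:", run_legacy(tamper=True)["psm_supported"])
    print("hash-verified, tampered:", run_hash_verified(tamper=True)[0])
    print("hash-verified, clean:", run_hash_verified(tamper=False)[0])
```

The check only helps if the hash travels inside a message that is itself integrity protected; otherwise the attacker who rewrites the capabilities can rewrite the hash too, which is why the summary ties the verification to "after establishing security". Note also that this protects the capability contents against modification, but the initial message is still sent in the clear, which is consistent with the summary's remark that fingerprinting from advertised capabilities remains possible.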