recentpopularlog in

pierredv : imsi   2

ToRPEDO Privacy Attack on 4G/5G Networks Affects All U.S. Carriers | Threatpost | Feb 2019
"Privacy-breaking flaws in the 4G and 5G mobile protocols could allow attackers to intercept calls, send fake amber alerts or other notifications, track location and more, according to a research team from Purdue University and the University of Iowa."

"The researchers uncovered three connected types of attacks that use this paging mechanism. The primary attack, dubbed ToRPEDO (short for TRacking via Paging mEssage DistributiOn), can be used to verify the location of a specific device. Attackers could also inject fake paging messages and mount denial-of-service (DoS) attacks, the team said.

Two other attacks enabled by ToRPEDO, the IMSI-Cracking attack and PIERCER (short for Persistent Information ExposuRe by the CorE netwoRk), allow an adversary to fully uncover the victim’s unique International Mobile Subscriber Identity (IMSI) number, if the phone number is known — opening the door to targeted user location-tracking."

"The TMSI is randomly assigned by the MME and is used to cloak the IMSI from side-channel attacks. The TMSI is supposed to change on a regular basis; however, previous sniffing attacks have been demonstrated that take advantage of the fact that this is not always the case."

"Beyond imprecise location-tracking and device status, ToRPEDO opens the door to much more serious attacks. For instance, once the attacker knows the victim’s paging occasion from ToRPEDO, the attacker can hijack the victim’s paging channel."

"Also, the researchers were able to validate that a tweet mentioning the victim’s Twitter handle triggers paging if the victim sets the Twitter app with push notifications on. This allows the attacker to associate a Twitter persona with a specific phone and phone number – and this likely extends to other services with push notifications, allowing he or she to start building a personal profile of the victim."

"Fortunately, each of the attacks have specific inherent mitigations."

In a paper presented at Mobile World Congress in Barcelona this week, the researchers explained that the issues arise from weaknesses in the cellular paging (broadcast) protocol. They started with the fact that when a mobile device is in its idle, low-power state, it will conserve battery life partly by polling for pending services only periodically.
5G  4G  privacy  IMSI  sniffing  surveillance  cyber-spectrum  spectrum-vulnerability 
february 2019 by pierredv

Copy this bookmark:





to read