And that's now all three LTE protocol layers with annoying security flaws

Boffins have demonstrated how intelligence agencies and well-resourced hackers can potentially spy on people – by studying and meddling with mobile data flying over the airwaves. The computer scientists have described in detail novel surveillance techniques that allowed them to identify people within a phone tower's radio cell …

  1. Anonymous Coward

    Some will suggest this was deliberate

    But the fact that LTE and especially 5G was designed with IoT in mind, as well as being aware that much of the world still wants phones to cost $20 or less, doesn't leave a lot of room for mandatory security features.

    The spy agencies don't have to plant holes, they just need to sit back and wait for the inevitable shortcomings and mistakes. It would be nice though to see 3GPP quit focusing on more and more speed by using larger and larger chunks of bandwidth, and have a release that's focused on security. It can be optional for end devices, that's fine, but it should be mandatory on the carrier side when the end device supports it. Then we just need Apple & Google to provide us with a way to tell if our devices have connected in a secure manner or not (make it show LTES and 5GS instead of LTE/5G in the status or something)

  2. Anonymous Coward

    And with IPv6 interface identity

    you'll be easy game indeed, they won't miss.

  3. Anonymous Coward

    It's totally fine, nothing to see here

    It's not like anyone uses 4G as we're all on 5G according to sales reps...

  4. Anonymous Coward

    Control DNS and you control where those Browser HTTP queries go to;

    Construct a malicious web page on the malicious web server redirected to with a Zero Day exploit and Mielke's your Onkel.

  5. mark l 2 Silver badge

    If you are someone who is likely to be spied on by an oppressive government then surely you're going to be using some sort of encrypted tunnelling like a VPN and not visiting sites that don't have HTTPS turned on. Also it would rely on you connecting to their compromised cell tower rather than being on the move and connecting to multiple towers. Which makes them being able to use this exploit quite difficult.

    1. Anonymous Coward

      I think you're correct that those are good ideas, but the bigger picture is that flaws like these should be spotted well before a standard is advanced and that supposed democracies have any dealings, at all, with repressive regimes. Too far to the left or the right and you wind up with an oppressive oligarchy whether it's of the Fascist or Communist variety. I think NA was headed in the right direction in the 1960s and 1970s. Margaret "The Iron Lady" Thatcher and Ronald "Ray Guns" Reagan, under the influence of the extremely wealthy, have moved the middle so far to the right that it'll, potentially, take generations to get back to the center.

    2. Nick Kew

      I think you're saying much the same as I was about to.

      We seem to be describing a (new?) set of methods to accomplish attacks that are already well-known on the 'net in general. Traffic interception and misdirection are risks we all know about, and choose whether to live with or protect against according to the nature and sensitivity of whatever we're doing. Thus reading El Reg, it's no big deal if Evil-MITM interferes. But doing my banking, I want security!

  6. Scroticus Canis
    Meh

    "5G will hopefully fix it"

    And then probably introduce a host of new attack vectors. Ho bloody hum!

    1. Voland's right hand Silver badge

      Re: "5G will hopefully fix it"

      Nope, it will not. Most of the protocol stack has been finalized so if it is not fixed by now it ain't getting fixed in the initial release.

    2. phuzz Silver badge

      Re: "5G will hopefully fix it"

      From TFA:

      However, the current 5G specification does not require this security feature as mandatory, but leaves it as optional configuration parameter.

      So lazy/cheap operators aren't going to enable this, plus a stingray type device is obviously not going to enable this, making a downgrade attack easy.

      (Well, easy if you've got a few grand's worth of gear, but what costs $4k today will be $400 in a few years time.)

  7. LordHighFixer

    Puleeeeeze

    Any communications short of shielded cables between Faraday cages is subject to snooping. Even entangled photons, given enough re$ource$....

  8. DerekCurrie
    IT Angle

    LTE Advanced? (aka REAL 4G)

    Has there been analysis of LTE Advanced?

    Of course, it would be nice if there was much of anywhere to get and use LTE Advanced where I live (USA). My phone has been able to use it for over 2.5 years. So where is it already, stupid, lazy, money grubbing, parasitic mobile data providers?

    (LTE prior to LTE Advanced is not actually 4G, but fast 3G technology. It doesn't meet the real 4G standard. It's only called '4G' due to pressure from particularly moronic marketing morons, as opposed to marketing mavens).

  9. Pascal Monett Silver badge
    Trollface

    "an agent needs to set up a malicious cell tower to tamper with transmissions"

    No problem there, apparently those things are being set up all the time in Washington DC and they're only noticed when they've been taken down.

  10. steelpillow Silver badge
    Thumb Up

    How hard can it be?

    Any communications system is a compromise between security and speed. The more and harder you bury stuff, the more and harder work you have to do to get a given message across.

    Most users will be happy to lean towards speed, others quite the reverse. A good infrastructure is one which offers the user a wide choice between the two extremes and then makes it easy to choose.

    I doubt that a commercial high-traffic system can ever be immune to hi-tech spoofing attacks by well-heeled agencies, the best one can do is to make it damn hard.

    LTE is not a bad system, though it could do better.

  11. -tim
    Facepalm

    So much more to come

    I do like the customization option where the carrier can tell a modern phone that the "2G" which should be displayed in the corner, showing that a Stingray clone has captured the connection, should be displayed with an icon that happens to have "99G" or whatever on it.

  12. Claptrap314 Silver badge
    Facepalm

    If only

    We had some National Agency dedicated to the Security of our communications. I bet they would have figured out that this sort of thing was a likely problem years ago...

    Seriously, if our governments were half as interested in protecting us as they say, this sort of thing would not pass initial review.
