When 3G was phasing out 2G networks, one of the main advantages of the new technology was that, unlike 2G cell protocol whose encryption was easy to crack, the new cell standards and protocols are largely immune from tracking and monitoring, or so we thought.
Security researchers have discovered a vulnerability in 3G and 4G networks that allow location tracking.
The report details a weakness in the authentication and key agreement, which lets a phone communicate securely with the subscriber’s cell network. The agreement protocol relies on a counter that’s stored on the phone operator’s systems to authenticate the device and to prevent replay attacks, but the researchers found that the counter isn’t well protected and partially leaks. That can allow an attacker to monitor consumption patterns, such as when calls are made and when text messages are sent and track the physical location of a cell phone.
In an interview with ZDNet, Ravishankar Borgaonkar, a co-author of the report, said that “due to low-cost hardware and software setup, we would not be surprised to see criminal stalking and harassment to more mundane monitoring of spouse or employee movements, as well as profiling for commercial and advertisement purposes.”
The report indicates that the flaw is part of the 3G and 4G standard, the weakness affects all mobile network operators worldwide.
To scare you some more, the researchers say that “very little can be done to protect against these kinds of attacks, in part because mobile operating systems don’t detect radio-level attacks.”
Light at the end of the tunnel is that the flaw doesn’t allow the interception of calls or text messages. Plus, there’s the possibility that this issue could be fixed with the upcoming 5G standard – when we eventually get there.