The 3G, 4G and 5G flaw that was discovered by cybersecurity researchers is set to be fixed by the end of 2019. In terms of severity, they describe it to be the most critical one by far.
The bad guys can take advantage of it to create IMSI-catchers. The researchers believe the vulnerability affects the Authentication and Key Agreement (AKA). Basically, this is a way to provide authentication between a user’s smart device and cellular networks.
In practice, exploiting the vulnerability by using IMSI-catcher devices translates to:
– Intercepting mobile phone metadata
– Snooping on the smart device’s location
The new vulnerability discovered by SINTEF Digital Norway, however, allows for the creation of a new breed of IMSI catchers. By using them, it’s possible to read the number of sent and received text messages, for example. Furthermore, the research team warns that users affected by this can be tracked for a long period of time, even after they’ve left the attack area.
Tracking the numbers of calls and text messages may seem innocent enough on the surface, but in reality, it can be used for something much more sinister such as spying on politicians or embassy officials. Since the flaw can also be exploited for profiling the victim, better ad targeting is another way to take advantage of it.
Since information regarding the victim’s whereabouts can easily be deduced by observing when the phone enters or exits fake mobile stations deployed in an area, privacy concerns are another issue that’s on the plate.