Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

ZDNet: 一个同时影响5G, 4G 和 3G 电话协议 (AKA协议) 的安全漏洞

wpadmin~February 9, 2019 /InfoSec

Contents

ZDNet: 一个同时影响5G, 4G 和 3G 电话协议 (AKA协议) 的安全漏洞

TL;DR

summary from slashdot

A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards. From a report:

Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols. This new vulnerability has been detailed in a research paper named “New Privacy Threat on 3G, 4G, and Upcoming5G AKA Protocols,” published last year.

According to researchers, the vulnerability impacts AKA, which stands for Authentication and Key Agreement, a protocol that provides authentication between a user’s phone and the cellular networks. The AKA protocol works by negotiating and establishing keys for encrypting the communications between a phone and the cellular network.

一些欧洲研究者 (SINTEF Digital Norway, ETH Zurich, and the Technical University in Berlin) 发现了 5G AKA 协议的一个新型漏洞,并指出该漏洞还影响 4G 和 3G 的通信网络。通过利用这个漏洞,一些大规模监控技术提供商(IMSI-catcher vendor)可以开发更强的设备。比如提供如下功能:

1 获取该手机短信、通话对象的手机号 (number of sent and received texts and calls)
2 假设被攻击目标短暂地离开基站 (fake base station / IMSI-catcher device) 范围一小段时间,之后重新进入基站范围时,离开基站范围期间的活动仍能监控。

论文中举例的几个应用场景

1 隐bzx场景
假设在使馆边有基站。攻击者不仅可以获取相关工作人员白天的通信活动,也可以获得晚上的和出差时的通信活动。因此攻击者可以了解到,目标可能对于私人使用使用不同的SIM卡(目标在家时无通信活动);可以发现在某些时段目标特别繁忙(目标有大量电话和短信)。

2 商户收集客户数据场景
(在 商户 WiFi 已经存在应用类似的攻击)

细节信息

原始新闻报道
New security flaw impacts 5G, 4G, and 3G telephony protocols
https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-telephony-protocols/

原始论文
New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols
https://eprint.iacr.org/2018/1175.pdf

其他参考资料

5G规范安全性和协议漏洞分析(上篇)
http://www.4hou.com/wireless/13826.html

5G规范安全性和协议漏洞分析(下篇)
http://www.4hou.com/wireless/13827.html

Leave a Reply

Your email address will not be published. Required fields are marked *