ZDNet: A security vulnerability affecting the 5G, 4G and 3G telephony protocols (the AKA protocol)

wpadmin~February 9, 2019 /InfoSec



summary from slashdot

A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards. From a report:

Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols. This new vulnerability has been detailed in a research paper named “New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols,” published last year.

According to researchers, the vulnerability impacts AKA, which stands for Authentication and Key Agreement, a protocol that provides authentication between a user’s phone and the cellular networks. The AKA protocol works by negotiating and establishing keys for encrypting the communications between a phone and the cellular network.

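A group of European researchers (SINTEF Digital Norway, ETH Zurich, and the Technical University in Berlin) discovered a new vulnerability in the 5G AKA protocol and pointed out that it also affects 4G and 3G networks. By exploiting this vulnerability, mass-surveillance technology providers (IMSI-catcher vendors) could build more capable devices, for example with the following capabilities:

1 Obtain the phone numbers that the handset exchanges texts and calls with (number of sent and received texts and calls)
2 Suppose the target briefly leaves the range of the base station (fake base station / IMSI-catcher device); when it later re-enters range, its activity during the time it was out of range can still be monitored.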


1 隐bzx scenario

2 Scenario in which merchants collect customer data
(similar attacks are already in use on merchant WiFi)


New security flaw impacts 5G, 4G, and 3G telephony protocols

New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols



