4

At Blackhat yesterday Ravishankar Borgaonkar and Lucca Hirschi revealed an attack on the security protocols underlying current 3/4g networks. Parts of the tech press are have indicated this could lead to a new generation of Stingray like devices able to attack phones using the newer protocols.

What exactly have the researchers managed to achieve, and is it as bad as the press are making it out?

Hector
  • 10,893
  • 3
  • 41
  • 44

1 Answers1

1

First of all, from your own linked article -

While this flaw doesn’t reportedly allow attackers to intercept calls or messages, it does enable them to monitor consumption patterns and track the phone location.

I.e. they can't see what you are sending or to who. But with several monitoring devices they could triangulate your phone location and know when you are on calls / sending messages. Its also worth noting that this attack tracks a counter managed by your phone. Before you could track a users device you would have to identify which counter is them.

There are also known flaws in 3G encryption - which I would view as more of a risk than this.

The main issue here is that to use this you only need passive monitoring equipment - so it is cheap. I'd argue if you're worried about a state actor you should also be questioning if you can trust your network provider.

So the real risk is stalkers and PI's - who will also usually have a better opportunity to identify which device is you. It is also easier for these parties to identify your device - A stalker can call you and watch for the device receiving a call at exactly that time and duration. The CIA is unlikely to risk doing the same thing with a suspect and tipping them off!

Hector
  • 10,893
  • 3
  • 41
  • 44