[CSS-research] 5G and the IMSI catchers

Cooper Quintin cooperq at eff.org
Mon Jan 28 17:43:28 PST 2019 

I finally got around to writing a blog post about this paper:
https://www.eff.org/deeplinks/2019/01/5g-protocol-may-still-be-vulnerable-imsi-catchers


Cooper Quintin
Senior Staff Technologist | EFF
PGP: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
Twitter: @cooperq

On 12/14/18 4:18 PM, Cooper Quintin wrote:
> Super interesting paper, the main attack seems to be the abililty to
> obtain n bits of the SEQ identifier used in the authentication and key
> agreement protocol. Obtaining the SEQ allows an attacker to
> differentiate unique UEs and determine how many outgoing communications
> (calls and SMS in aggregate) have been sent. The attacker can then also
> measure how many communications were sent outside the target area when
> the victim moves back into the target area by observing how much the
> sequence number has grown. Apparently also the differentiation of
> devices allows the attacker to determine if a specific device is in the
> area, as described in section 4.3, by comparing a known CONCā° parameter
> of a target phone to a random CONC parameter. What I don't understand
> from the paper is how an attacker would accquire the CONC parameter from
> a specific phone in the first place, presumably knowing only it's IMSI.
> 
> Cooper Quintin
> Senior Staff Technologist | EFF
> PGP: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
> Twitter: @cooperq
> 
> On 12/7/18 3:38 AM, Siddharth Rao wrote:
>>
>>
>> Recently I attended a lecture where I was told that 5G is going to be an
>> "IMSI-catcher free". Well! IMSI catchers seem to bother us even in the
>> 5th gen cellular networks.
>>
>> Yet another great work by Ravi et.al <http://et.al>.
>> https://eprint.iacr.org/2018/1175.pdf
>>
>> -- 
>> Thanks and Regards,
>> *Sid*
>>
>> Siddharth Prakash Rao
>> Ford-Mozilla Open Web Fellow
>> <https://advocacy.mozilla.org/en-US/open-web-fellows/fellows2016> @
>> EDRi, Belgium <http://edri.org/>
>> Doctoral Candidate <https://users.aalto.fi/~raos1/> @ Secure Systems
>> Research Group
>> <http://cs.aalto.fi/en/research/research_groups/secure_systems/> - Aalto
>> University, Finland <http://www.aalto.fi/en/>
>>
>> *Twitter*/: @sidnext2none <https://twitter.com/sidnext2none>/
>> *Website*/: http://siddharthrao.me/academic
>>
>> /
>>
>> _______________________________________________
>> CSS-research mailing list
>> CSS-research at lists.eff.org
>> https://lists.eff.org/mailman/listinfo/css-research
>>
> _______________________________________________
> CSS-research mailing list
> CSS-research at lists.eff.org
> https://lists.eff.org/mailman/listinfo/css-research
>

More information about the CSS-research mailing list