5G is faster and more secure than 4G. But new research shows it also has vulnerabilities that could put phone users at risk.
Security researchers at Purdue University and the University of Iowa have found close to a dozen vulnerabilities, which they say can be used to track a victim’s real-time location, spoof emergency alerts that can trigger panic or silently disconnect a 5G-connected phone from the network altogether. https://techcrunch.com/2019/11/12/5g-flaws-locations-spoof-alerts/ 5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol http://www.documentcloud.org/documents/6544575-5GReasoner.html https://dl.acm.org/citation.cfm?id=3354263 The paper proposes 5GReasoner, a framework for property-guided formal verification of control-plane protocols spanning across multiple layers of the 5G protocol stack. The underlying analysis carried out by 5GReasoner can be viewed as an instance of the model checking problem with respect to an adversarial environment. Due to an effective use of behavior-specific abstraction in our manually extracted 5G protocol, 5GReasoner's analysis generalizes prior analyses of cellular protocols by reasoning about properties not only regarding packet payload but also multi-layer protocol interactions. We instantiated 5GReasoner with two model checkers and a cryptographic protocol verifier, lazily combining them through the use of abstraction-refinement principle. Our analysis of the extracted 5G protocol model covering 6 key control-layer protocols spanning across two layers of the 5G protocol stack with 5GReasoner has identified 11 design weaknesses resulting in attacks having both security and privacy implications. Our analysis also discovered 5 previous design weaknesses that 5G inherits from 4G, and can be exploited to violate its security and privacy guarantees.
_______________________________________________ Medianews mailing list [email protected] http://etskywarn.net/mailman/listinfo/medianews_etskywarn.net
