5G security concerns

Just reading an article on 5G and how it is vulnerable to bypass and DoS attacks. Makes you wonder if it's really worth upgrading your iPhone and service with your Telco when they can’t provide a secure service.

This is the cool bit:

Our research introduces 5GBaseChecker, the first ever dynamic security testing framework designed to uncover logical vulnerabilities, e.g., authentication bypass in the protocol implementations of 5G basebands. With the design of new automata learning and differential testing techniques, 5GBaseChecker not only identifies 0-day vulnerabilities but also facilitates the systematic root cause analysis of the security flaws in commercial 5G basebands. With 5GBaseChecker, we tested 17 commercial 5G basebands and 2 open-source 5G baseband (UE) implementations and uncovered 13 unique 0-day vulnerabilities and 65 vulnerabilities in total.

In other words, they created a tool that increases security significantly because the vendors have now deployed fixes for all the vulnerabilities.

Overall, it sounds like 5G’s security is better than 4G LTE, so avoiding an upgrade for security reasons wouldn’t make sense.


It doesn’t sound like either are very secure the way you are looking at it.

I’ve never heard of significant attacks using these sorts of vectors, so I’d say that both are quite secure. If you’re going to worry about the security of basic cellular communication, you just have to give up on cell phones entirely. The fact that billions of people use them every day with no issues says to me it’s not a concern. Maybe if you were a Fortune 500 CEO or highly placed elected official, you might be more concerned, but I assure you that they’re all using cell phones, too.

Agreed. I’d just add that there is no such thing as perfect security, and if you are discussing something sensitive enough that you don’t want to trust the voice network, there are encrypted apps you can use, including FaceTime. But for ordinary communication, I agree, the network is secure enough.

I would also note:

  • This isn’t the first time a hack demonstrated at a security conference never got exploited in the wild. Juice Jacking immediately comes to mind. So be aware, but don’t panic.

  • With the advent of cheap SDR hardware and open source 4G and 5G stacks (e.g. OpenAirInterface), it is pretty simple to set up a cellular base station, but

    • Connecting that to a normal voice network isn’t as easy as it seems, and you’d need to pay for a circuit into a carrier’s network (e.g. a T1 leased line) in order for people connecting to your station to call anyone connected to somebody else’s base station. These aren’t cheap, so someone doing this is going to have a specific target in mind, and won’t be trolling for random callers.
    • It’s much easier to connect it to a data network, but that’s just an Internet connection, which nobody should be trusting anyway. Even if the phone network is secure, your data is going to pass through several other networks with a variety of trustworthiness en route to its destination. Hence the reason for things like HTTPS, VPNs and other encrypted connection technologies.

  • If you’re worried about government interception, of course, then none of this matters. The phone networks all have factory-installed taps for lawful interception where an agency with a warrant can just request a tap of all your calls without needing to hack anything. If you’re concerned about that, then end-to-end encryption is mandatory.

  • Old technology is almost certainly less secure. For instance, back in the days of analog cell phones (e.g. the AMPS system), anybody with a radio scanner tuned to the correct frequencies could listen in on any call in range. I personally saw this in action. I don’t think the 2G and 3G systems were any more secure, although you would need a computer to convert the digital data back to audio.

Nah, a copy of the open-source telephony toolkit Asterisk and an account with a SIP provider – generally free or very low cost, plus 1¢/minute while connected.

With AMPS, your scanner would usually pick up only half the conversation but, yeah, trivial to eavesdrop.

All GSM – including 2G, 3G, and LTE – had encryption and were non-trivial to intercept at the outset, but the encryption was eventually broken.
