New Security Flaw Impacts 5G, 4G, and 3G Telephony Protocols

A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards. From a report: Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols. This new vulnerability has been detailed in a research paper named "New Privacy Threat on 3G, 4G, and Upcoming5G AKA Protocols," published last year.

According to researchers, the vulnerability impacts AKA, which stands for Authentication and Key Agreement, a protocol that provides authentication between a user's phone and the cellular networks. The AKA protocol works by negotiating and establishing keys for encrypting the communications between a phone and the cellular network.

Re:

[viperidaenz]

Apple are waiting on 5G because they've burnt their bridges with the biggest 5G modem supplier.
They need to wait for Intel to catch up.

Re:

[TheGratefulNet]

intel?

oh, what I wish I could say about intel and their modems.

how I WISH I could say stuff.

but I can't.

Typo

[astrofurter]

There is another typo in this headline. It should read:

"Old Anti-Security Feature Impacts 5G, 4G, and 3G Telephony Protocols"

No problem

[110010001000]

I only use the AMPS network. I knew this "3G" stuff looked bad.

Re:

[AHuxley]

The GCHQ was never going to let Ireland have secure and encrypted communications.
Location, plain text and voice prints from any new network that was going to be designed for use in Ireland/UK.
The NSA and GCHQ was never going to let any emerging communications network be secure and encrypted globally.
Police and security forces around the world like total control over their own nations smart phone networks before they are installed and used.
Every network is and was open to advanced real time police and mi

Re:

[TheGratefulNet]

you are right.

any phone that is accepted by a local government is unsafe to use, if you NEED privacy and trust.

build your own layers on top, but assume all transports are compromised. they are. baked thru in silicon.

phones are crap and 'they' like it that way.

Re:

[AHuxley]

The networks has just enough junk crypto to stop low tech eavesdropping and very easy service cloning.

Re:

[Slayer]

There are a gazillion hacks out there to reroute or sniff telephone data traffic, but pretty much nothing for messing with the billing. For whatever reason, phone companies got the latter designed and implemented very well. Makes one wonder ...

Lesson

[Kernel Kurtz]

Encryption you have no interaction with and no control over is not secure.

Carry on.