5G Security Is a Mess and Banning Huawei WILL NOT Help

The President is right that cellular security is a problem, but not for the reason that he thinks – although that is a problem too.

Researchers at Ruhr-Universität Bochum have discovered a way to compromise 4G cellular security – the cell service that almost all of us use now.

It allows them to impersonate the phone’s owner and book fee based services that get charged to the owner’s phone bill.

It also could impact law enforcement investigations because it would also allow a hacker to access websites using the victim’s identity. In fact do anything the real owner can do.

If the attacker wanted to blackmail someone, they could upload sensitive or compromising information and then lead the cops to that info. The cops would believe the owner did it. Hackers could threaten to do that in order to blackmail someone.

The vulnerability affects all LTE devices – Apple, Android, Windows – even Cellular IoT devices.

And the only way to fix it is by changing the hardware – at both the user end and the cell company end. Any bets on that getting fixed? I didn’t think so.

The team is trying to figure a fix for the next generation (5G). They say that it is possible.

But it is going to cost the cell carriers money.

The additional security requires the phones to transmit more bits, costing the carriers overhead.

And all 5G phones would have to be replaced (DO NOT buy one if you have not already done so).

And the base stations would have to be expanded.

Other than that, it is a piece of cake.

The problem is the lack of integrity protection: data packets are transmitted encrypted between the mobile phone and the base station, which protects the data against eavesdropping. However, it is possible to modify the exchanged data packets.

For more info see Help Net Security and CSO Magazine.

by