黑料网

News

4G mobile communications system is vulnerable to location tracking

The study uncovered several vulnerabilities using monitoring of mobile communications and setting up fake base stations in laboratory environments.

Monitoring device placed in each of the cells can identify where the target user is located in (Copyright: Altaf Shaik).

4G was thought to provide strong privacy and availability guarantees for mobile users, assuming that for instance tracking the user movement would be impossible or ineffective.

鈥 We built a 4G fake base station and showed that most popular phones can be tricked into giving up location information or degrading their service level, states Professor N. Asokan.

Location leak of the mobile phone may include forcing the 4G device into revealing its location. The target user can be localised within a 2 km虏 area in an urban setting. The necessary equipment for all forms of attacks is inexpensive and readily available. They are even low cost, anyone can purchase the equipment for a little over one thousand euros.

Risks in social media

When a mobile device attaches to a network, it is given a temporary identifier. Temporary identifiers are random and updated frequently, in order to prevent an attacker to link a temporary identifier to the permanent identifier or track movements of a given user. But social network messaging applications, such as Facebook Messenger and WhatsApp, can still be used to trigger signaling messages that leak information to the attacker.

鈥 If you receive messages from people that are not in your friend list in Facebook, these messages end up in the 鈥淥ther鈥 mailbox. The user will not be notified upon the reception of the message. If you also have a Facebook Messenger application installed in your 4G device, these messages in the 鈥淥ther鈥 mailbox cause a paging request by the network. Paging is the process of locating the user in a particular area. A paging request triggered by a Facebook message can allow an attacker to link your temporary identifier to your Facebook identity and track your movements, explains Asokan.

鈥 We also noticed that temporary identifiers are not changed sufficiently frequently. In an urban area temporary identifiers persisted up to three days. In other words, once the attacker knows your temporary identifier, he or she can track your movements for up to three days, states Professor Valtteri Niemi from the University of Helsinki.

4G is a complex system whose design requires making different trade-offs between security and other criteria.

In addition, an attacker may even use a fake base station to accurately pinpoint the target user via GPS coordinates or by the distance from three stations. Yet another way of attacking is a denial of service. The target user can be forced into using 2G or 3G networks or even denied access to all networks. These attacks are persistent and devices require explicit user action to recover, such as rebooting the device.

鈥 An important question is why these attacks are possible. 4G is a complex system whose design requires making different trade-offs between security and other criteria, such as availability, performance and functionality, and this leads to vulnerabilities. Hopefully we will see standardization efforts in the future that allow room for trade-offs that can change over time, concludes Niemi.

This work is being jointly conducted by Aalto University, University of Helsinki, and Technische Universit盲t Berlin and Telekom Innovation Laboratories. The research has been accepted to T2, Black Hat Europe and NDSS 2016 conferences.

More information:
Professor N. Asokan
Aalto University
Department of Computer Science
tel. +358 50 483 6465
n.asokan@aalto.fi

Professor Valtteri Niemi
University of Helsinki
tel. +358 50 483 7327
valtteri.niemi@helsinki.fi

  • T2 October 29-30, 2015 in Helsinki (t2.fi)
  • Black Hat Europe November 13, 2015 in Amsterdam (blackhat.com)
  • NDSS February 21-24, 2016 in San Diego (internetsociety.org)
  • Updated:
  • Published:
Share
URL copied!

Read more news

Portrait of Kimmo J盲rvinen, from the Xiphera team. A man smiling at the camera
Research & Art, University Published:

Researcher-established company Xiphera growing rapidly

Xiphera Oy, which is celebrating its ninth anniversary, has developed hardware-based encryption solutions for the prevention of information security threats. The company is a deep tech company and its products are based on research and produce new technological solutions.
Four people celebrating a Deployable grant award, with large white text and Aalto Founder School logos.
Awards and Recognition, Press releases, University Published:

Prototyping and Validation Grant: Deployable

Four Aalto master's students built a physical AI startup on a borrowed GPU, beat PhD teams at a hackathon, and received Aalto's prototyping and validation grant.
3D brain scan on screen showing colourful neural pathways inside a semi-transparent head model
Research & Art Published:

Applications open for Innovation Postdoc in AI

A fully funded, 12鈥搈onth career track to turn your doctoral discoveries into a deep-tech startup.
Colourful general image promoting Aalto Creatives pre-incubator programme
Campus, Cooperation, Press releases Published:

Applications open: Aalto Creatives pre-incubator autumn 2026

The next Aalto Creatives pre-incubator starts in September. Applications close on 7 September. Join the info event on 27 August to hear from alumni and meet the Aalto Creatives team.