Vulnerabilities Affect All Cellular Networks From 2G
Cybersecurity researchers have identified new vulnerabilities in the handover process — a fundamental cellular communication mechanism that ensures the transfer of a subscriber from one base station to another. According to experts, the gaps affect all generations of wireless telephone technology, starting with 2G.
Today, we will tell you more about this vulnerability.
Specialists from New York University Abu Dhabi (NYUAD) have discovered vulnerabilities in the handover mechanism that underlies modern cellular networks. If the identified bugs are exploited, attackers can launch DDoS and MitM (Man-in-the-Middle) attacks, and they need only cheap equipment to do so.
“Handover vulnerabilities are not limited to one implementation of the process but affect many scenarios. As a result, security problems are relevant to this day, while all generations of the cellular network, starting with 2G (GSM), are at risk,” the report of New York University specialists says.
What is handover?
Handover, also known as handoff, is the fundamental mechanism underlying modern cellular networks. In cellular communications, it is the transfer of a subscriber’s service during a call or data session from one base station to another.
Handover plays an essential role in maintaining an acceptable quality of service for subscribers of telecom operators. For example, the process is indispensable when a subscriber travels across a city during a call, because the device must keep attaching to the nearest base station as it moves.
As a rule, handover relies on data sent by the subscriber’s mobile device, which measures the signal strength of nearby base stations. The developers did provide cryptographic protection for these measurement reports, but the values the reports carry are not verified in any way.
In total, experts have identified six vulnerabilities in the handover process:
- Insecure broadcast messages (MIB, SIB).
- Unverified signal strength measurement reports.
- Lack of cross-validation at the preparation stage.
- Random Access Channel (RACH) initiation without verification.
- Lack of a recovery mechanism.
- Difficulty distinguishing network failures from attacks.
What is the result?
As a result, a prepared attacker can force the user’s device to connect to a malicious cellular node. What makes this attack vector notable is that the base station cannot detect incorrect values in signal strength reports, so a malicious handover will not be recognized as such.
What can an attacker do after successfully exploiting these vulnerabilities? First of all, the attacker gains the ability to view, modify, and redirect messages exchanged between the victim’s device and the network.
As an experiment, the researchers tested the attack on a OnePlus 6, an Apple iPhone 5, a Samsung S10 5G, and a Huawei P40 Pro 5G. All of them were vulnerable.
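The second and third items in the list above (unverified measurement reports, no cross-validation at the preparation stage) are the gap this kind of check would close. The following is an added illustration, not the researchers’ code or the 3GPP procedure: a hypothetical serving cell keeps a configured neighbour list with a plausible signal range per cell and refuses to prepare a handover from a report that names an unknown cell, an out-of-range value, or an implausible jump since the previous report. Cell identities, RSRP ranges and the 20 dB jump threshold are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Neighbour:
    pci: int          # physical cell identity
    min_rsrp: float   # weakest plausible RSRP at this site, dBm
    max_rsrp: float   # strongest plausible RSRP at this site, dBm


# Constructed neighbour list for a hypothetical serving cell.
NEIGHBOURS = {
    101: Neighbour(101, -120.0, -75.0),
    102: Neighbour(102, -120.0, -80.0),
}

MAX_JUMP_DB = 20.0  # largest RSRP change accepted between consecutive reports


def validate_report(report, previous=None):
    """Return the reasons a measurement report must not trigger a handover.

    `report` maps cell identity -> reported RSRP (dBm). `previous` is the last
    accepted report from the same device, used to spot implausible jumps.
    An empty list means every check passed.
    """
    reasons = []
    for pci, rsrp in report.items():
        nb = NEIGHBOURS.get(pci)
        if nb is None:
            reasons.append(f"cell {pci}: not in the configured neighbour list")
            continue  # no range to compare against
        if not nb.min_rsrp <= rsrp <= nb.max_rsrp:
            reasons.append(f"cell {pci}: RSRP {rsrp} dBm outside plausible range")
        if previous and pci in previous and abs(rsrp - previous[pci]) > MAX_JUMP_DB:
            reasons.append(f"cell {pci}: RSRP jumped {rsrp - previous[pci]:+.0f} dB")
    return reasons


def select_target(report, previous=None):
    """Strongest cell from a validated report, or None if the report is rejected."""
    if validate_report(report, previous):
        return None
    return max(report, key=report.get)


if __name__ == "__main__":
    earlier = {101: -95.0, 102: -100.0}
    print(select_target({101: -98.0, 102: -90.0}, earlier))   # ordinary drift -> 102
    print(validate_report({101: -98.0, 999: -50.0}, earlier))  # unknown, very strong cell
```

A real network would log the rejected report rather than silently drop it, since the last item in the list above (telling failures from attacks) depends on that record.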