If you’re like a lot of people, you’ve probably worried for many years about other parties spying on you. Maybe it’s a weird and persistent feeling that somebody’s tracking or watching you each time you make a phone call or go online.
In our modern-day ultra connected world, the snoop could be anyone – advertisers, the government, hackers – with the right equipment, spying is quite a real-world possibility.
In fact, we told you about a device called a StingRay, which is essentially a portable, luggage-sized cellphone tower. Once they have a good idea where you are, snoops can switch to a portable device to track you down, to as precisely as a specific room in a building.
Older cellphones that use 2G connections were extremely vulnerable to Stingrays because of the 2G standard’s weak encryption. With the introduction of the newer 3G and 4G LTE standards, the common belief is that this weakness has been remedied with stronger encryption. But is this still true?
3G and 4G LTE networks are vulnerable
Two security researchers at the Black Hat Conference in Las Vegas recently presented a security flaw in 3G and 4G LTE networks that can be hacked with just $1,500 worth of equipment. This exploit can then be used by snoops to track a phone’s location.
The flaw lies in the authentication and key agreement that’s used by the phone to communicate with a cell network securely.
Thankfully, the flaw doesn’t allow the interception of calls or text messages but it does allow an attacker to monitor text and call patterns in addition to location tracking.
They tested their exploit with the equipment they built themselves using a mere $1,500 worth of hardware. This could very well pave the way for next-generation Stingray surveillance devices. For sure, $1,500 is chump change for well-funded hacking groups and government agencies.
The researchers, Ravishankar Borgaonkar and Lucca Hirsch, said that every 3G and 4G LTE network in the world is vulnerable to the attack and there’s currently no real way to fix nor defend against the flaw.
However, they’re hoping that networks will review the security flaw closely and plug the hole when the newer 5G standard rolls out.
What do you think? Is this 3G and 4G LTE flaw a big security concern? Drop us a comment!