Flaws in 3G protocol make devices susceptible to tracking

By on October 9, 2012, 3:00 PM

Security researchers from the University of Birmingham have discovered a flaw in 3G-enabled mobile phones that could allow someone to track a device at any given time. Unfortunately there’s no software hot-fix available as the problem is ingrained in the design of the 3G protocol logic.

The 3G standard was designed to protect a user’s identity when on a given network. A device’s permanent identity, known as the International Mobile Subscriber Identity (IMSI), is protected on a network by being assigned a temporary identity called a Temporary Mobile Subscriber Identity (TMSI). The TMSI is updated regularly, and 3G networks are supposed to make it impossible for someone to track a device even if they are eavesdropping on the radio link.

Researchers have discovered that these methods can easily be sidestepped by spoofing an IMSI paging request. Such a request is used by networks to locate a device so it can provide service.

"The possibility of triggering a paging request for a specific IMSI allows an attacker to check a specific area for the presence of mobile stations of whom he knows the identity, and to correlate their IMSI and TMSI," the researchers point out.

If that weren’t enough, researchers have discovered another vulnerability related to the Authentication and Key Agreement (AKA) protocol. Networks use this protocol to authenticate a device, but by sniffing the AKA request, it’s possible to detect the “secret long-term key” (K IMSI). Once detected, the AKA request can be relayed to all devices in a given area. Every device except the target device will return an authentication failure.

It’s possible to exploit either of these vulnerabilities using readily available hardware such as femtocells, along with some technical know-how.
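
A toy model of the AKA replay check described above, as an added example that is not from the article or the researchers. HMAC-SHA256 stands in for the 3G authentication functions, and the device names, keys, sequence numbers and failure labels are constructed. It shows why distinguishable failure causes single out one device, and, as a simplifying assumption, how a uniform failure response removes that signal.

```python
import hashlib
import hmac


def mac(key: bytes, rand: bytes, sqn: int) -> bytes:
    """Stand-in for the 3G MAC function (assumption: HMAC-SHA256, truncated)."""
    return hmac.new(key, rand + sqn.to_bytes(6, "big"), hashlib.sha256).digest()[:8]


def network_challenge(key: bytes, rand: bytes, sqn: int):
    """Authentication request the network builds for one subscriber key."""
    return rand, sqn, mac(key, rand, sqn)


class Device:
    def __init__(self, name: str, key: bytes, uniform_failures: bool = False):
        self.name, self.key, self.last_sqn = name, key, 0
        self.uniform_failures = uniform_failures  # hypothetical hardening switch

    def authenticate(self, challenge) -> str:
        rand, sqn, tag = challenge
        if not hmac.compare_digest(tag, mac(self.key, rand, sqn)):
            cause = "mac_failure"    # request was built for another key
        elif sqn <= self.last_sqn:
            cause = "sync_failure"   # right key, but sequence number already used
        else:
            self.last_sqn = sqn
            return "ok"
        return "auth_failure" if self.uniform_failures else cause


def replay_survey(uniform_failures: bool) -> dict:
    """Replay one captured request to every device and collect the responses."""
    keys = {"phone-a": b"A" * 16, "phone-b": b"B" * 16, "target": b"T" * 16}  # constructed
    devices = [Device(n, k, uniform_failures) for n, k in keys.items()]
    captured = network_challenge(keys["target"], b"\x01" * 16, sqn=1)
    # The genuine run succeeds once; afterwards the same request is stale.
    if devices[2].authenticate(captured) != "ok":
        raise RuntimeError("genuine authentication should succeed")
    return {d.name: d.authenticate(captured) for d in devices}


if __name__ == "__main__":
    print("distinct causes:", replay_survey(False))
    print("uniform failure:", replay_survey(True))
```
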

User Comments: 8

jobeard, TS Ambassador, said:

That's the long way around the barn. Most smartphones now have location services enabled by default. Make sure you manually disable ALL occurrences of same. At least you don't leave the barn door open as an invitation -- make 'em work for it.

tehbanz said:

I smell big brother.

TekGun said:

So why did it take 10 years to find this out, or is it only now people are allowed access?

Upio said:

Flaw or Feature?

Burty117, TechSpot Chancellor, said:

So why did it take 10 years to find this out, or is it only now people are allowed access?

4G is being rolled out everywhere, how else do you get people to move to a new technology other than scaring them with security flaws?

Guest said:

This has been known for a while. The attack depends on the service provider employing bad (or no) encryption on one of the levels. It is of limited value as security services have better (= more expensive but far more reliable and user-friendly) technology at their disposal.

rvnwlfdroid said:

Oh no, a security flaw that would let people know where I'm at. I guess if I were running from the law I might worry about it. Since I'm not, it's no skin off my hide. As the first post said, "location services" are a much easier way to go anyway.

I don't know about you (I don't) but how many people post their location on Facebook every time they leave the house?

amstech, TechSpot Enthusiast, said:

Call me a crazy conspiracy theorist but you gotta be pretty gullible to believe that Uncle Sam can't monitor, record and collect any data from any network, whenever and however he wants.
