Flaws in 3G protocol make devices susceptible to tracking

Security researchers from the University of Birmingham have discovered a flaw in 3G-enabled mobile phones that could allow someone to track a device at any given time. Unfortunately there's no software hot-fix available as the problem is ingrained in the design of the 3G protocol logic.

The 3G standard specifies that it should provide user identity confidentiality preventing the user's permanent identity (International Mobile Subscriber Identity - IMSI) from being revealed. In order to help obscure the real identity on the network, temporary identities (Temporary Mobile Subscriber Identity - TMSI) are assigned to devices, and these are regularly updated. 3G networks should also make it impossible for a user to be traced even if an intruder was eavesdropping on the radio link.

However, the researchers found that both these requirements, previously found to be vulnerable in the past, can be circumvented reasonably easily. Any device would be vulnerable, the researchers said, as the problems are hard-wired into the design of the 3G system itself.

"The attacker does not need to know any keys, nor perform any cryptographic operation... [These] kind of vulnerabilities usually look trivial once uncovered but often remain unnoticed for [a] long time, since they do not involve fancy cryptography but are caused by errors in the protocol logic," the researchers say.

Read more -here-

• US moves to force ByteDance to sell TikTok
• Ray-Ban Meta smart glasses can now play Apple Music
• Apple's AI will work without an Internet connection
• Tesla recalls new Cybertrucks over accelerator hazard
• Comcast rolls out 'Now' prepaid phone and internet plans
• Logitech adds ChatGPT button to hardware