A defect in the GSM-standard allows you to track the location of any 3G-devices.
Researchers from the University of Birmingham and Berlin Technical University discovered a vulnerability in the GSM-standard for identifying the location of 3G-devices using public equipment.
Security issues were identified cellular standard in the past, but they demanded that the attacker special skills. The current exploit virtually every available because it does not need any exotic cryptographic procedures or to obtain security keys.
Experts, using the usual, but with administrative privileges root-base femtostantsiyu broadcasting the 3G-signal, conducted two types of attacks: the IMSI-notification and protocol authentication and key agreement (AKA).
The attack on the IMSI-notification (International Mobile Subscriber Identity, international mobile subscriber identity) causes the mobile device to show your IMSI-number in response to a request TMSI-(Temporary Mobile Subscriber Identity, a temporary mobile subscriber identity) - just as the regulatory authorities disclose anonymity phones, tracking them by their unique ID number.
The attack on the AKA-protocol sends an authentication request to all phones in an accessible surface, and all devices, except the target, fail to synchronize. In this way, verified the presence of the desired device in a certain area.
The researchers tested the existence of vulnerabilities in networks of T-Mobile, Vodafone and O2 in Germany and SFR in France. It became clear that the attacks affect every service, adhering to standard 3G GSM. Along the way, it turned out that the required equipment can be used to track the movement of phones inside buildings with femtocells.
GSM-standard previously been put at risk, as it allows to clone and track the location of phones. New types of attacks are based on weaknesses in the standard protocol, not on some "holes" in the device or the principles of its encryption.
Комментариев нет:
Отправить комментарий