Researchers have identified 11 new vulnerabilities in 5G—with time running out to fix them.
It's not yet prime time for 5G networks, which still face logistical and technical hurdles, but they're increasingly coming online in major cities worldwide. Which is why it's especially worrying that new 5G vulnerabilities are being discovered almost by the dozen.
At the Association for Computing Machinery's Conference on Computer and Communications Security in London today, researchers are presenting new findings that the 5G specification still has vulnerabilities. And with 5G increasingly becoming a reality, time is running out to catch these flaws.
The researchers from Purdue University and the University of Iowa are detailing 11 new design issues in 5G protocols that could expose your location, downgrade your service to old mobile data networks, run up your wireless bills, or even track when you make calls, text, or browse the web. They also found five additional 5G vulnerabilities that carried over from 3G and 4G. They identified all of those flaws with a new custom tool called 5GReasoner.
"We had a hunch when we started this work that there were more vulnerabilities to find," says Syed Rafiul Hussain, a mobile security researcher from Purdue who led the study. "Since many security features from 4G and 3G have been adopted to 5G, there is a high chance that vulnerabilities in previous generations are likely inherited to 5G too. Additionally, new features in 5G may not have undergone rigorous security evaluation yet. So we were both surprised and not so surprised by our findings."
One purported benefit of 5G is that it protects phone identifiers, like your device's "international mobile subscriber identity," to help prevent tracking or targeted attacks. But downgrade attacks like the ones the researchers found can bump your device down to 4G or put it into limited service mode, then force it to send its IMSI number unencrypted. Increasingly, networks use an alternative ID called a Temporary Mobile Subscriber Identity that refreshes periodically to stymie tracking. But the researchers also found flaws that could allow them to override TMSI resets, or correlate a device's old and new TMSI, to track devices. Mounting those attacks takes only software-defined radios that cost a few hundred dollars.
The 5GReasoner tool also found issues with the part of the 5G standard that governs things like initial device registration, deregistration, and paging, which notifies your phone about incoming calls and texts. Depending on how a carrier implements the standard, attackers could mount "replay" attacks to run up a target's mobile bill by repeatedly sending the same message or command. It's an instance of vague wording in the 5G standard that could cause carriers to implement it weakly.
The 5G rollout is very much in progress now after years of development and planning. But researchers' findings underscore that the data network is going live with some vulnerabilities and flaws still in place. No digital system is ever perfectly secure, but this many flaws still emerging is noteworthy, especially since researchers have found so many bugs clustered around serious issues like network downgrading and location tracking.
The researchers submitted their findings to the standards body GSMA, which is working on fixes. "These scenarios have been judged as nil or low-impact in practice, but we appreciate the authors’ work to identify where the standard is written ambiguously, which may lead to clarifications in the future," GSMA told WIRED in a statement. "We are grateful to the researchers for affording industry the opportunity to consider their findings and welcome any research that enhances the security and user confidence of mobile services."
The researchers note that a limitation of their study is that they didn't have access to a commercial 5G network to test the attacks in practice. But they point out that while GSMA says the attacks are low impact, it still listed the work in its Mobile Security Research Hall of Fame.
"The thing I worry about most is that attackers could know the location of a user," Purdue's Hussain says. "5G tried to solve this, but there are many vulnerabilities that expose location information, so fixing one is not enough."
Improving the security of the 5G standard through community scrutiny is a necessary process. But with 5G rolling out more and more widely every day, time is running short to catch and resolve vulnerabilities that could expose user data worldwide.