New Vulnerabilities in 5G Networks

Presented at Black Hat USA 2019, Aug. 7, 2019, 1:30 p.m. (50 minutes).

The security in the 5G network has evolved and is more efficient than the previous generations. In this talk, we visit security features of 5G radio networks and reveal new vulnerabilities affecting both the operator infrastructure and end-devices (including mobiles, NB-IoT, laptop etc). We demonstrate how these new vulnerabilities in the 5G/4G security standards can be exploited using low-cost hardware and software platforms. In particular, we introduce a new automated tool to carry out practical evaluation and share data-sets with the research community. In addition, we reveal implementation issues in hundreds of 4G base stations around the world and in commercially available NB-IoT protocols that can be used to mount battery draining, hijacking and bidding down attacks. Our attacks affect to the range from gigabit high speed LTE devices to NB-IoT devices.


Presenters:

  • Altaf Shaik - M.Sc., Technical University of Berlin and Kaitiaki Labs
    Altaf Shaik is a principal security researcher at Kaitiaki Labs and currently pursuing PhD at the Technical University of Berlin. He is experienced in analyzing cellular network technologies from radio to networking protocol layers. His recent renowned research includes low-cost 4G IMSI catchers and security issues in several cellular baseband chipsets.
  • Ravishankar Borgaonkar - Dr., SINTEF Digital
    Dr. Ravishankar Borgaonkar works as a research scientist at Sintef Digital and undertakes research in securing next generation digital communication. His primary research themes are related to mobile telecommunication and involved security threats. This ranges from 2G/3G/4G/5G network security to end-user device security. After receiving his PhD in 'security in telecommunication' area from the technical university of Berlin, he was a security researcher at Deutsche Telekom's lab for 3 years. Since that time he has worked for Intel Collaborative Research Institute for Secure Computing at Aalto University, as well as for the University of Oxford. He has found several protocol flaws in 3G/4G technologies. The demonstrated vulnerabilities affected billions of 3G/4G devices and resulted a change in the existing 3G/4G communication standards.

Links:

Similar Presentations: