
New 5G flaws can track phone locations and spoof emergency alerts - kumaranvpl
https://techcrunch.com/2019/11/12/5g-flaws-locations-spoof-alerts/
======
llarsson
Given how common government surveillance is these days, enabled especially by
certain companies that consider themselves pioneers in the 5G space, I am not
overly convinced that this functionality is unintentional.

Interesting how the GSMA claim that these vulnerabilities are "judged as nil
or low-impact in practice". It doesn't sound like low-impact if used to target
specific people.

~~~
rusk
> Interesting how the GSMA claim

The GSMA is an industry body for coordinating interoperating standards. You
couldn’t even say it has been “compromised” because it doesn’t really have any
social mandate.

~~~
Nokinside
GSMA represents network operators. They don't coordinate standard.

3GPP makes the spec and sends it for ITU for ratification. 3GPP has 7
organizational partners: USA represented by ATIS, ETSI for EU and CCSA for
China. GSMA is one of the 17 invited market representation partners who can
provide advice and participate in consensus decision making but have no vote.

~~~
rusk
Sure. But the substance of what I was saying still stands no?

------
jeltz
Anyone doing this would of course risk jail time but I wonder if not the only
thing which would force them to fix the security issues in the cell phone
protocols would be some large scale attacks from ordinary citizens. The cell
phone protocols just seem like a total mess with security issues left in them
for legacy reasons and various vulnerabilities used by police forces.

~~~
nkrisc
> Anyone doing this would of course risk jail time

I think the folks who would be most likely to be be using these exploits are
the _last_ people who would ever face fail time for it: folks working for some
three letter agency. They're not going to go to jail for their government-
sanctioned abuse of these flaws.

~~~
jeltz
Maybe I expressed myself poorly but I think you missed my point. My point was
that the only way to force people to fix the issues is if ordinary hackers who
are _not_ working for any three latter agency start attacking the
infrastructure too. And if you do that you risk prison time, even if you only
do harmless exploits to highlight weaknesses.

~~~
seph-reed
As an individualist nation, there's little likelihood anyone will throw
themselves away for the collective. Doubly so because the collective is super
fucking thankless and turns everything it gets into garbage.

I've really been debating the idea if there's any point of trying to help at
all at this point, and my current conclusion is: we're already wayyyy down the
dystopia line. The only hope at this point is AI which will either save us or
(hopefully) bring the great filter sooner (which means less suffering). But I
no longer believe in protest.

------
rshnotsecure
Spoofed phone alerts are the new leaflet propaganda. They will be used to
generate a significant amount of confusion and some terror abroad by whoever
just decides to do it first:
[https://en.m.wikipedia.org/wiki/Airborne_leaflet_propaganda](https://en.m.wikipedia.org/wiki/Airborne_leaflet_propaganda)

~~~
jimmaswell
The same vulnerability has existed a long time in the possibility of
broadcasting over FM/AM stations too.

------
TheUndead96
"flaws"

~~~
g105b
It's not a flaw, it's a feature!

------
totoasticot
As did 4G. Nothing new.

~~~
0b0001
The authors mention the headline attacks in a side note only. Their paper is
about formal verification of the standard. That is indeed something new. Their
framework finds a couple of new issues -- and also old ones, which made it to
the headline.

------
Grangar
Oh boy here we go. What are the odds Chinese vendors have designed these as
bugdoors? That'd give them a good motive to push so hard for this adoption.

~~~
maeln
US, Europe and almost any country have police using fake cell-site, some also
have mass surveillance program.

Why blame only the Chinese when "3-letter agency" might be as happy to have
possibility to snoop on 5G traffic?

~~~
Grangar
Since it's Chinese vendors such as Huawei pushing their implementation.
Supposedly it's resistant to such interference, now it turns out it's not.
Surprise surprise.

~~~
_jal
They are protocol vulnerabilities, not implementation vulnerabilities.

I also tend to think the evidence suggests being wary of nation-state
intelligence influence on networking systems - the only ones who haven't done
it are the ones who lack the capabilities.

Cisco's apparent inability to stop its code base from constantly regrowing
backdoors will compromise you just as quickly as whatever Huawei may be up to.

------
TaylorGood
Was there a need for 5G? Or is this akin to the ever-increasing TV sizes?

~~~
crowtoe76
The "need" for 5G was so the govt-backdoored telecom companies can put
wireless transmitters in every single neighborhood, to achieve more granular
control in mass surveillance for profit and for targeted harassment. The FCC-
sponsored transmitters are interacting with every "smart" device they can
reach and reporting everything back to HQ. They're probably busy brute-forcing
everyone's wifi passwords while they're at it, because why wouldn't they? But
maybe that's just crazy. Maybe in reality they're just the good guys who care
about streamlining our movie watching experiences.

------
macawfish
Just wait until people realize it can track human bodies too.

~~~
wearenotsafe
Are you referring to the MIT studies using wifi signals to track people
through walls?
[https://people.csail.mit.edu/fadel/wivi/](https://people.csail.mit.edu/fadel/wivi/)

I'm pretty sure I first read about that on HN, and was immediately reminded of
the govt plan to cover the country in wireless transmitters.

------
9dl
Good news everyone

