
Biased opinion (author of PGPP https://www.usenix.org/system/files/sec21-schmitt.pdf). These types of attacks are numerous and easy across multiple generations of cellular. I'd argue the best solution is to simply stop using IMSIs that map directly to a user.



It's a very cool approach, I think where it falls short is that each UE will get the same key.

Much of the infrastructure around LTE & 5G is based on the assumption that no one but the operator has this key. However, since everyone has this key, it must now be considered public (since every SIM card can be used to decode and encode any connection from any user).

This means that:

- The full connection plaintext will be leaked (yes, you should do TLS, but metadata)
- The IMEI (unique and persistent identifier of a phone) can be requested at will by an attacker (and is often requested by the operator at the beginning), thus allowing you to be tracked not only by the operator, but by any entity sniffing the wireless channel
- Measurement Reports containing the exact GPS coordinates can be sniffed or requested by anyone

Still, it could be something for 6G for sure.




