Stingray phone tracking
July 26, 2017
Security researchers have revealed a recently discovered vulnerability in modern, high-speed cell networks, which they say can allow low-cost phone surveillance and location tracking.
The findings, revealed Wednesday at the Black Hat conference in Las Vegas, detail a cryptographic flaw in the protocol used in 3G and 4G LTE networks which enables mobile devices to connect with the cell operator.
It’s the latest blow to the long-held belief that modern cell standards and protocols are largely immune from tracking and monitoring, unlike the older 2G cell protocol which uses easy-to-crack encryption.
Ravishankar Borgaonkar and Lucca Hirschi, who co-authored the research, found a weakness in the authentication and key agreement, which lets a phone communicate securely with the subscriber’s cell network. The agreement protocol relies on a counter that’s stored on the phone operator’s systems to authenticate the device and to prevent replay attacks, but the researchers found that the counter isn’t well protected and partially leaks. That can allow an attacker to monitor consumption patterns, such as when calls are made and when text messages are sent, and track the physical location of a cell phone.