Security and Communication Networks

Research Article

Towards 5G Security Analysis against Null Security Algorithms Used in Normal Communication

Major LTE protocol exploits, threats, and their impact on 5G.


LTE protocol exploit	Threat	Impact on 5G

IMSI catching	Privacy threat, location leaks, SS7 leaks, etc. [1–6]	Potential for IMSI/SUPI catching in some protocol edge cases, such as when an unauthenticated emergency call is maliciously triggered
Device fingerprinting using exposed device capabilities	Identification attacks, bidding down attacks, and battery draining attacks [7]	Exploiting unprotected device capabilities’ information identification attacks, bidding down attacks, and battery drain attacks against cellular devices
Location tracking	Location leaks [7]	Link device fingerprints to SUPI and track user’s location
Silent downgrade to GSM	Man-in-the-middle attacks, SMS snooping, and phone call [2, 4, 6, 7]	Silent GSM downgrade using preauthentication messages from a malicious base station broadcasting a Mobile Country and Network Code (MCC-MNC) of a network with no public key provisioned in the USIM
Attach/Tracking Area Update (TAU) request	DoS [2, 4, 6]	DoS of 5G mobile devices caused by malicious base stations broadcasting a valid MCC-MNC combination for a network with no public key provisioned in the USIM
Wireless eavesdropping	Eavesdropping attacks [8–11]	Eavesdropping attacks exploit unsecured network communications to gain access to data as they are sent or received by their target