A new study uncovers vulnerability of 4G services. Those flaws may lead to users being tracked, especially when using social media. The study carried out by Professor N. Asokan, Aalto University, and Professor Valtteri Niemi, University of Helsinki, tested the effectiveness of 4G in terms of security and privacy.

It was assumed that 4G offered privacy and data protection guarantees, making it difficult, or impossible, to track users’ movements as well as to monitor changes in their positions.

“We built a 4G fake base station and showed that most popular phones can be tricked into giving up location information or degrading their service level” said Professor N. Asokan.

Vulnerabilities identified include the possibility of forcing the 4G device in revealing its position, within a range of a 2 km2 in a urban setting. The alarming factor concerns the fact that the equipment necessary for such privacy violation is actually inexpensive and easy to obtain, with prices around one thousand pounds or even less.

4G and Social Media

When mobile devices interact with networks they get temporary identifiers. These identifiers are random and change continuously, to avoid attackers to link the temporary identifiers to the permanent one and track movements of the users. However, social media can present some problems, as in the case of Facebook Messanger and Whatsapp, because they can be used to trigger messages and response from the mobile devices that leak information to the eventual attackers.

“If you receive messages from people that are not in your friend list in Facebook, these messages end up in the “Other” mail box. The user will not be notified upon the reception of the message. If you also have a Facebook Messenger application installed in your 4G device, these messages in the “Other” mailbox cause a paging request by the network. Paging is the process of locating the user in a particular area. A paging request triggered by a Facebook message can allow an attacker to link your temporary identifier to your Facebook identity and track your movements,” explains Asokan.”

“We also noticed that temporary identifiers are not changed sufficiently frequently. In an urban area temporary identifiers persisted up to three days. In other words, once the attacker knows your temporary identifier, he or she can track your movements for up to three days,” states Professor Valtteri Niemi from the University of Helsinki.

Furthermore, eventual attackers could use other tools such as fake base stations, which would allow to accurately pinpointing the targeted users location exploiting GPS coordinates. Another attacking option would be the denial of service, forcing the users to use 2G or 3G networks or even denying the access to all the networks. In case this kind of attacks occurs, significant efforts may be required to recover the mobile device, such as a system reboot.

“An important question is why these attacks are possible. 4G is a complex system whose design requires making different trade-offs between security and other criteria, such as availability, performance and functionality, and this leads to vulnerabilities. Hopefully we will see standardization efforts in the future that allow room for trade-offs that can change over time,” concludes Niemi.

Written by: Pietro Paolo Frigenti

Sources: Asokan, N., Niemi, V. (2015), 4G mobile communications system is vulnerable to location tracking, Alto University News