3G security flaw leaves smartphone users at risk of hackers
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.People using smartphones and other mobile internet devices can be tracked by hackers exploiting a flaw in their 3G connections, security experts have said.
Researchers at the University of Birmingham and Technical University of Berlin found that a weakness with the 3G system’s security feature meant that devices’ physical locations could be identified at any time with relative ease, using readily available equipment.
“Such a possibility would enable all kinds of undesirable behaviour, ranging from criminal stalking and harassment to more mundane monitoring of spouse or employee movements, as well as profiling for commercial and advertisement purposes,” the team wrote in their paper ‘New Privacy Issues in Mobile Telephony: Fix and Verification’.
The 3G system, which is used by most mobile internet devices to connect, deploys a temporary identity in order to mask its actual identity, which includes its location at any time. However, the team found a way of circumventing that protection using a femtocell.
“We have shown that the protocols are vulnerable to new privacy threats and that these threats lead to attacks that can be mounted in practice at low cost,” they wrote. And, because it is a part of the very system, it potentially affects every device using 3G to connect to the internet.
The researchers added: “the attacker does not need to know any keys, nor perform any cryptographic operation. This kind of vulnerabilities usually look trivial once uncovered but often remain unnoticed for long time, since they do not involve fancy cryptography but are caused by errors in the protocol logic.”
The team tested phones on the T-Mobile, O2, and Vodafone networks, as well as the French SFR network, all of which were found to be vulnerable.