[ad_1]
In North America and in many other parts of the world, high-speed 5G mobile data networks have been out of reach for years. But as 5G coverage becomes ubiquitous, the rollout comes with an important caveat. Even if your phone says it’s connected to the next-gen wireless standard, you might not get all of the features 5G promises, including defense against so-called stingray surveillance devices.
To quickly spread 5G to as many people as possible, most operators around the world have deployed it in what is called a “non-autonomous mode” or “non-autonomous architecture”. The approach essentially uses the existing 4G network infrastructure as a starting point to deliver 5G data speeds before the separate, “stand-alone” 5G core is built. It’s like starting your cake decorating business in your cousin’s ice cream shop while you renovate a new storefront three blocks away.
You can see where it’s going. As long as your 5G connection is in non-standalone mode, much of what you get is still actually 4G, with weaknesses in security and privacy that real 5G aims to respond.
“It’s a false sense of security,” says Ravishankar Borgaonkar, researcher at Norwegian technology analysis firm SINTEF Digital. “Currently, much of the 5G deployed around the world does not really have the protection mechanisms designed in 5G. You get the broadband connection, but the level of security you have is still 4G.
In practice, this means that one of the main privacy benefits of 5G, the ability to thwart ray surveillance, does not yet apply to most people. Also known as “IMSI sensors” for the “international mobile subscriber identity” number assigned to each cell phone, the stingrays act like legitimate cell phone towers and trick devices into connecting. From there, the tools use IMSI numbers or other identifiers to track the device and even listen to phone calls. Stingrays are a popular choice among US law enforcement officials; they have reportedly been a common presence at numerous protests against police brutality last summer. To prevent this type of surveillance, 5G is designed to encrypt IMSI numbers.
Borgaonkar and fellow researcher Altaf Shaik, senior researcher at TU Berlin, found that major Norwegian and German operators continue to use 5G in non-autonomous mode, which means these connections are still susceptible to stingrays. The two presented at the Black Hat Security Conference in Las Vegas last week.
In the United States, T-Mobile is the most advanced in the deployment of its autonomous network. The company was the first to begin mass deployment in August 2020. Verizon and AT&T have taken longer to transition and are still working on the transition to 5G broadband in general. Verizon told WIRED it is on track to “fully commercialize” 5G standalone mode by the end of 2021. AT&T said it began “limited SA deployments” late last year and that it would intensify “when the ecosystem is ready.”
A February study by mobile network analytics firm OpenSignal found that in early 2021, U.S. mobile users were spending around 27% of their time on non-autonomous 5G mode and less than 6% of their time on stand-alone mode connections.
While the distinctions between the types of 5G are very important, there’s no easy way to tell if you’re on a stand-alone network just by looking at your phone. Android users can download apps that scan a device’s network connection and can report non-standalone mode, but that’s an expensive extra step. And these tools are less common on iOS due to Apple’s app restrictions.
The security benefits you miss when you’re on a non-standalone 5G network extend beyond stingrays. You are potentially susceptible to tracking, eavesdropping, and so-called “downgrade attacks” that push target devices onto older and more vulnerable data networks like 3G. And none of this is communicated to mobile data users, although the enhanced security features are a key selling point of 5G.
[ad_2]
Source link