Law enforcement in the United States, international spies, and criminals have all used (and abused) the surveillance tools known as "stingrays" for more than a decade. The devices can track people's locations and even eavesdrop on their calls, all thanks to weaknesses in the cellular network. Today, researchers are detailing a way to stop them—if only telecoms would listen.
Stingrays derive their power by pretending to be cell towers, tricking nearby devices into connecting to them instead of the real thing. The same vulnerabilities that enable that behavior could also be used to, say, spoof emergency alerts on a large scale. At the USENIX Enigma security conference in San Francisco on Monday, research engineer Yomna Nasser will detail those fundamental flaws and suggest how they could finally get fixed.
"The point of my talk is to try and explain the root cause behind all these types of attacks, which is basically the lack of authentication when phones are first trying to find a tower to connect to," Nasser says. "If something looks like a cell tower, they will connect; that’s just a consequence of how cell network technology was designed decades ago. And it's really hard to redesign things to do security really well—the lack of authentication problem still exists in 5G."
Cell phones get service by connecting to a nearby cell tower; as you move, your phone hands off to other towers as needed. This process of establishing a connection with a tower, often called "bootstrapping," is easy when you're walking; your phone has plenty of time to realize it needs to find a new tower and connect. It's harder but still feasible when you’re driving or in a bullet train. Think of the towers as lighthouses, broadcasting their existence at set time intervals and frequencies for any data-enabled device in range to pick up.
Those pings are called "system information broadcast messages," or pre-authentication messages. They help to quickly establish a connection between a base station and a device before the two know much about each other or have authenticated themselves in any significant way. Maintaining that continuity of service doesn't allow much time or bandwidth for pleasantries. But that casual introduction also creates risk. Without confirming that a cell tower is genuine, devices could wind up connecting to any rogue base station that's set up to broadcast system information messages. Like a stingray.
Newer wireless standards like 4G and 5G have defenses built in that make it harder for attackers to get useful information when they trick devices. But these protections can't totally solve the rogue base station problem, because smartphones still rely on legacy cell networks for the "bootstrapping" initial connection phase, as well as to initiate and end calls. Plus, as long as telecoms support older, less secure data networks like GSM and 3G, snoops can still perform downgrading attacks to push target devices onto older, vulnerable networks.
"The cellular network creates the connection, maintains the signal, and disconnects the connection," says Syed Rafiul Hussain, a mobile network security researcher at Purdue University in Indiana. "To add authentication you have to add a few extra bytes, a little more data, in your bootstrapping and that would cost network operators more. Plus, older devices don’t have the capabilities of newer ones to handle this extra load. So backward compatibility is also a factor."
The telecom and tech industries could overcome these challenges if they decided to prioritize a fix. That's a big if. Nasser points to a solution that would function a lot like HTTPS web encryption, allowing phones to quickly check cell tower "certificates" to prove their legitimacy before establishing a secure connection. Last year, Hussain and colleagues from Purdue and the University of Iowa developed and proposed such an authentication scheme for the bootstrapping process in 5G.
"As long as phones will connect to anything advertising itself as a tower, it’s kind of free-for-all," Nasser says. "This problem is big low-hanging fruit, and there are many ways things could get better I think."
Roger Piqueras Jover, a mobile security researcher and security architect at Bloomberg LP, says he was excited to see a group actually put forth such a concrete proposal. He points out that digital certificates and the "public key encryption" they enable are mature and flexible technologies used heavily by industries like the financial sector, in addition to on the web.
"I don’t see why we would not use it for pre-authentication messages," he says. "It’s been many, many years, even decades, and we still have the same problems. It’s complicated—the way cellular networks are designed is based on standards developed by industry players with maybe non-aligning incentives."
To implement stronger protections on pre-authentication messages, network carriers would need to make software changes across their sprawling infrastructure and potentially even replace some hardware. The most significant cost—in terms of both money and computing resources—would come from adding a few more bytes of data to all of those introductory device-tower interactions. And even if every network worldwide completed these upgrades, they would still need to support the current, less secure option as well.
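As an added illustration of the certificate-based check Nasser describes and of the per-broadcast byte cost discussed above, here is a toy Go model; it is not code from the article or from the Purdue and Iowa proposal. The operator root key is assumed to be pinned on the device, it signs a short-lived per-cell certificate, and each system-information broadcast carries a timestamp and a signature the device verifies before camping on the cell; the message layout, field sizes and freshness window are assumptions of this example, not anything taken from the 5G standard.

```go
package main
import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
)
// CellCert binds a cell's signing key to its identity; the operator root key the device pins in advance signs it (the HTTPS CA analogy).
type CellCert struct {
	CellID   uint32
	NotAfter int64 // unix seconds; a short lifetime limits the damage of a stolen cell key
	PubKey   ed25519.PublicKey
	RootSig  []byte
}
// Broadcast keeps the legacy system-information payload as-is and adds a timestamp plus the cell's signature over (cell id, time, payload).
type Broadcast struct {
	Cert    CellCert
	Time    int64
	Payload []byte
	Sig     []byte
}
func enc(id uint32, v int64, tail []byte) []byte { // the bytes that get signed: 4-byte id, 8-byte big-endian int, tail
	b := make([]byte, 12)
	binary.BigEndian.PutUint32(b, id)
	binary.BigEndian.PutUint64(b[4:], uint64(v))
	return append(b, tail...)
}
// IssueCert runs at the operator; Sign runs on a genuine base station.
func IssueCert(root ed25519.PrivateKey, id uint32, notAfter int64, pub ed25519.PublicKey) CellCert {
	return CellCert{id, notAfter, pub, ed25519.Sign(root, enc(id, notAfter, pub))}
}
func Sign(cell ed25519.PrivateKey, cert CellCert, payload []byte, now int64) Broadcast {
	return Broadcast{cert, now, payload, ed25519.Sign(cell, enc(cert.CellID, now, payload))}
}
// Verify is the device-side check before camping on a cell: chain to the pinned root, certificate lifetime, freshness (anti-replay), then the broadcast signature itself.
func Verify(rootPub ed25519.PublicKey, m Broadcast, now, maxSkew int64) error {
	c := m.Cert
	switch {
	case now > c.NotAfter:
		return errors.New("cell certificate expired")
	case !ed25519.Verify(rootPub, enc(c.CellID, c.NotAfter, c.PubKey), c.RootSig):
		return errors.New("cell certificate not signed by operator root")
	case m.Time < now-maxSkew || m.Time > now+maxSkew:
		return errors.New("stale broadcast, possible replay")
	case !ed25519.Verify(c.PubKey, enc(c.CellID, m.Time, m.Payload), m.Sig):
		return errors.New("broadcast signature invalid")
	}
	return nil
}
// Overhead is the per-broadcast cost the article mentions: two 64-byte signatures, a 32-byte cell key and 20 bytes of id/time fields (180 bytes in this toy design).
func Overhead(m Broadcast) int { return len(m.Sig) + len(m.Cert.RootSig) + len(m.Cert.PubKey) + 20 }
```

A broadcast whose certificate does not chain to the pinned root, a replayed genuine broadcast, and a tampered payload all fail Verify with distinct reasons, which is the property that would let a handset refuse to attach to anything merely looking like a tower.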
Jover will present at the security conference ShmooCon in Washington, DC, on Saturday about the risks of pre-authentication message insecurity. He detailed some of the first rogue base station attacks against 4G in 2016, and says that there is more awareness of the problem now both in the research community and at the Federal Communications Commission. The 5G standard even details a protection that seems like a small step down the path of creating some sort of HTTPS for pre-authentication messages. It focuses on keeping certain trackable ID numbers known as "international mobile subscriber identity" numbers encrypted, to reduce potential surveillance. But Jover notes that the standard categorizes this feature as optional, which will minimize adoption. The standard also doesn't provide some necessary specifics on how telecoms would practically implement the protection, leaving them to do a lot of work on their own—another likely deterrent.
"I think that’s the right direction," Jover says. "And 5G improves and changes a lot of things in general. But when it comes to how you establish security or a root of trust and establish a channel between a device and a base station it hasn’t changed a bit."
The international mobile network operators trade group GSMA and US wireless industry association CTIA did not return requests from WIRED for comment.
Nasser says she hopes her talk at Enigma will get more cryptographers and security engineers thinking about the flaws still lurking in the cellular network every day. And she hopes to organize a serious trial of a certificate-based authentication scheme, like that proposed by Hussain and his colleagues, to build out and test such infrastructure under more real-world conditions. Though worldwide adoption still seems like a long shot, Nasser notes that the more developed the tech is, the easier it becomes to promote.
Telephony networks are notorious for using ancient, insecure tech that exposes users for decades. Researchers are pushing to make pre-authentication messages the exception.