5G-ENSURE research findings: time to address privacy issues in wireless networks with 5G

Ensuring user trust in 5G - The case of WiFi-based IMSI catcher

Research led by 5G-ENSURE partner, University of Oxford, has uncovered privacy and security flaws in existing and proposed mobile protocols. The discovery calls not only for more low-level testing of devices but also concrete actions to ensure these issues are resolved in 5G. Otherwise user trust could be seriously compromised.

Why is the research on WiFi-based IMSI catcher groundbreaking?

The WiFi-based IMSI catcher work was groundbreaking as it was the first WiFi-based IMSI catcher and no mobile OS manufacturer was aware of the issues until they were pointed out to them. It is crucial that issues like these are fixed for 5G so that user trust can be maintained.

Where and how have you promoted your research?

It was first published at Black Hat London in November 2016 where it received widespread press coverage, then as an academic paper in the IEEE Security and Privacy Mobile Security Technologies (MoST) workshop where it won best paper award. This was followed by presentations at BSides Security conference in London in June 2017 and Shakacon Security conference in Hawaii in July 2017. Since then we have presented the research at the USENIX workshop within WOOT '17 and at Black Hat USA.

What impact has this achieved?

The impact has been large - there was widespread press coverage of the talks. As a direct result of the work, Apple introduced a new security feature (known as conservative peer mode for EAP) into iOS 10.

The events in summer 2017 have also brought fresh media coverage.

Where do we go from here? What future steps do you consider to be important?

We need to continue to examine the existing and proposed mobile protocols for privacy and security flaws. In particular we need to examine the actual production-based implementations and deployments as they don’t always implement the standards completely or their behaviours can be adversely affected by automatic configuration.

A key takeaway is that the industry should do more low-level testing of devices to ensure that private identifiers (such as the IMSI) are never transported in the clear or may not be elicited in a simple manner.

Piers O'Hanlon, University of Oxford