Vulnerability identifier: #VU17340
Vulnerability risk: Low
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Network
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information
The vulnerability exists due to a weak state of in AKA (Authentication and Key Agreement). A remote attacker can create next-gen IMSI-catchers that work across all modern telephony protocols, reveal details about a user's mobile activity, such as the number of sent and received texts and calls, allowing IMSI-catcher operators to create profiles for each smartphone holder.
Furthermore, attackers can keep track of users, even when they move away from the fake base station (IMSI-catcher device), and later briefly return in the station's coverage, with the AKA protocol leaking updated phone activity states.
Mitigation
The fixes will be completed by the end of 2019.
External links
https://eprint.iacr.org/2018/1175.pdf
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.