Article: Our Eye Is on the SPARROW
Author: Reza Soosahabi
Published: September 24, 2021
Site: DARKReading.com
This weeks news: there’s a new way to enable long range communication leveraging other people’s networks by taking advantage of a vulnerability found in MAC layer protocols in 5G and LTE.
Using the cell coverage network, anonymous messages can be sent via short distances that link to enable longer trail of the communication. The vulnerability allows the establishment of these link prior to authenticating the user therefor allowing for anonymity. Specifically the MAC layer (L2) of “wireless access infrastructure” is impacted rather than the physical disruption of the L1 layer of using the other layers of the infrastructure stack (L3-L7).
It’s important to note that “Since commercial wireless signals are available virtually everywhere, exploiting them for data exfiltration can circumvent all existing preventive measures.” Rendering this a rather critical vulnerability.
3 reasons for major concern:
– Max Anonymity
– More distance coverage
– Low power and low complexity
Exploits
– data exfiltration – can serve as a vehicle to known data exfiltration techniques
– command and control – remote control of IoT to trigger events
– clandestine ops – attackers can communicate without detection