If you're still using a 3G mobile network, you may want to move up to 4G - and fast! According to the Phys.org article, 3G protocols come up short in privacy, say researchers, British and German researchers "...found that 3G telephony systems pose a security weakness that results in threats to user privacy. The weakness makes it possible for stalkers to trace and identify subscribers." The hole in 3G security, the article further explains, can also enable spy operations and commercial profiling

 

Why is Security an Issue Now?

 

Since 3G networks have been in use since 1999, it seems odd that 3G now has security problems. The paper resulting from the British and German study, New Privacy Issues in Mobile Telephony: Fix and Verification, explains why this problem exists today, rather than a decade ago. A decade ago, the high cost of the equipment and the lack of open-source protocol stack implementations made a 3G system security breach extremely unlikely. Today, however, access to all kinds of cheap technologies makes it easy to breach a 3G network, including easily programmed Universal Software Radio Peripheral (USRP) boards and software emulation.

 

Proposed Fixes

 

Proposed fixes are based on public-key cryptography. This system requires two separate keys: one public key for encryption and one private key for decryption. The two keys can perform only the functions they’ve been created to perform; a public encryption key can only encrypt and a private decryption key can only decrypt. The two keys are mathematically linked and you can use the private key to generate a public key. The New Privacy Issues in Mobile Telephony: Fix and Verification paper provides details on this solution.