You have been warned: Abusing 5G's Warning and Emergency Systems
The Public Warning System (PWS) is an essential part of cellular networks and
a country's civil protection. Warnings can notify users of hazardous events
(e.g., floods, earthquakes) and crucial national matters that require immediate
attention. PWS attacks disseminating fake warnings or concealing precarious
events can have a serious impact, causing fraud, panic, physical harm, or
unrest to users within an affected area. In this work, we conduct the first
comprehensive investigation of PWS security in 5G networks. We demonstrate five
practical attacks that may impact the security of 5G-based Commercial Mobile
Alert System (CMAS) as well as Earthquake and Tsunami Warning System (ETWS)
alerts. In addition to identifying the vulnerabilities, we investigate two PWS
spoofing and three PWS suppression attacks, with or without a man-in-the-middle
(MitM) attacker. We discover that MitM-based attacks have more severe impact
than their non-MitM counterparts. Our PWS barring attack is an effective
technique to eliminate legitimate warning messages. We perform a rigorous
analysis of the roaming aspect of the PWS, including its potentially secure
version, and report the implications of our attacks on other emergency features
(e.g., 911 SIP calls). We discuss possible countermeasures and note that
eradicating the attacks necessitates a scrupulous reevaluation of the PWS
design and a secure implementation.
Unveiling the Sentinels: Assessing AI Performance in Cybersecurity Peer Review
Peer review is the method employed by the scientific community for evaluating
research advancements. In the field of cybersecurity, the practice of
double-blind peer review is the de-facto standard. This paper touches on the
holy grail of peer reviewing and aims to shed light on the performance of AI in
reviewing for academic security conferences. Specifically, we investigate the
predictability of reviewing outcomes by comparing the results obtained from
human reviewers and machine-learning models. To facilitate our study, we
construct a comprehensive dataset by collecting thousands of papers from
renowned computer science conferences and the arXiv preprint website. Based on
the collected data, we evaluate the prediction capabilities of ChatGPT and a
two-stage classification approach based on the Doc2Vec model with various
classifiers. In our experimental evaluation, the Doc2Vec-based approach predicts
review outcomes significantly better than ChatGPT and achieves an accuracy of
over 90%. While analyzing the experimental results, we
identify the potential advantages and limitations of the tested ML models. We
explore areas within the paper-reviewing process that can benefit from
automated support approaches, while also recognizing the irreplaceable role of
human intellect in certain aspects that cannot be matched by state-of-the-art
AI techniques.
Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings
Short Message Service (SMS) remains one of the most popular communication
channels since its introduction in 2G cellular networks. In this paper, we
demonstrate that merely receiving silent SMS messages regularly opens a
stealthy side-channel that allows other regular network users to infer the
whereabouts of the SMS recipient. The core idea is that receiving an SMS
inevitably generates Delivery Reports whose reception bestows a timing attack
vector at the sender. We conducted experiments across various countries,
operators, and devices to show that an attacker can deduce the location of an
SMS recipient by analyzing timing measurements from typical receiver locations.
Our results show that, after training an ML model, the SMS sender can
accurately determine multiple locations of the recipient. For example, our
model achieves up to 96% accuracy for locations across different countries, and
86% for two locations within Belgium. Due to the way cellular networks are
designed, it is difficult to prevent Delivery Reports from being returned to
the originator, which makes it challenging to thwart this covert attack without
making fundamental changes to the network architecture.