Given how common government surveillance is these days, enabled especially by certain companies that consider themselves pioneers in the 5G space, I am not overly convinced that this functionality is unintentional.

Interesting how the GSMA claim that these vulnerabilities are "judged as nil or low-impact in practice". It doesn't sound like low-impact if used to target specific people.

> Interesting how the GSMA claim

The GSMA is an industry body for coordinating interoperating standards. You couldn’t even say it has been “compromised” because it doesn’t really have any social mandate.

GSMA represents network operators. They don't coordinate standard.

3GPP makes the spec and sends it for ITU for ratification. 3GPP has 7 organizational partners: USA represented by ATIS, ETSI for EU and CCSA for China. GSMA is one of the 17 invited market representation partners who can provide advice and participate in consensus decision making but have no vote.

Sure. But the substance of what I was saying still stands no?

Anyone doing this would of course risk jail time but I wonder if not the only thing which would force them to fix the security issues in the cell phone protocols would be some large scale attacks from ordinary citizens. The cell phone protocols just seem like a total mess with security issues left in them for legacy reasons and various vulnerabilities used by police forces.

> Anyone doing this would of course risk jail time

I think the folks who would be most likely to be be using these exploits are the last people who would ever face fail time for it: folks working for some three letter agency. They're not going to go to jail for their government-sanctioned abuse of these flaws.

Maybe I expressed myself poorly but I think you missed my point. My point was that the only way to force people to fix the issues is if ordinary hackers who are not working for any three latter agency start attacking the infrastructure too. And if you do that you risk prison time, even if you only do harmless exploits to highlight weaknesses.

As an individualist nation, there's little likelihood anyone will throw themselves away for the collective. Doubly so because the collective is super fucking thankless and turns everything it gets into garbage.

I've really been debating the idea if there's any point of trying to help at all at this point, and my current conclusion is: we're already wayyyy down the dystopia line. The only hope at this point is AI which will either save us or (hopefully) bring the great filter sooner (which means less suffering). But I no longer believe in protest.

Spoofed phone alerts are the new leaflet propaganda. They will be used to generate a significant amount of confusion and some terror abroad by whoever just decides to do it first: https://en.m.wikipedia.org/wiki/Airborne_leaflet_propaganda

The same vulnerability has existed a long time in the possibility of broadcasting over FM/AM stations too.

"flaws"

It's not a flaw, it's a feature!

As did 4G. Nothing new.

The authors mention the headline attacks in a side note only. Their paper is about formal verification of the standard. That is indeed something new. Their framework finds a couple of new issues -- and also old ones, which made it to the headline.

Oh boy here we go. What are the odds Chinese vendors have designed these as bugdoors? That'd give them a good motive to push so hard for this adoption.

Considering these are vulnerabilities in the underlying protocol/spec created by 3GPP (US, South Korea, majority Japan, with a single Chinese partner) and ratified by the UN's ITU, and exist on handsets that implement 5G as spec-ed from all over the world, nearly 0% chance.

What's your basis for the claim "Chinese vendors" did it?

US, Europe and almost any country have police using fake cell-site, some also have mass surveillance program.

Why blame only the Chinese when "3-letter agency" might be as happy to have possibility to snoop on 5G traffic?

Since it's Chinese vendors such as Huawei pushing their implementation. Supposedly it's resistant to such interference, now it turns out it's not. Surprise surprise.

They are protocol vulnerabilities, not implementation vulnerabilities.

I also tend to think the evidence suggests being wary of nation-state intelligence influence on networking systems - the only ones who haven't done it are the ones who lack the capabilities.

Cisco's apparent inability to stop its code base from constantly regrowing backdoors will compromise you just as quickly as whatever Huawei may be up to.

Was there a need for 5G? Or is this akin to the ever-increasing TV sizes?

The "need" for 5G was so the govt-backdoored telecom companies can put wireless transmitters in every single neighborhood, to achieve more granular control in mass surveillance for profit and for targeted harassment. The FCC-sponsored transmitters are interacting with every "smart" device they can reach and reporting everything back to HQ. They're probably busy brute-forcing everyone's wifi passwords while they're at it, because why wouldn't they? But maybe that's just crazy. Maybe in reality they're just the good guys who care about streamlining our movie watching experiences.

Just wait until people realize it can track human bodies too.

Are you referring to the MIT studies using wifi signals to track people through walls? https://people.csail.mit.edu/fadel/wivi/

I'm pretty sure I first read about that on HN, and was immediately reminded of the govt plan to cover the country in wireless transmitters.