Researcher named to international Mobile Security Hall of Fame


By Sarah Small

UNIVERSITY PARK, Pa. — Syed Rafiul Hussain, assistant professor of computer science and engineering at Penn State, has been named to the GSMA Mobile Security Hall of Fame for his contributions to exposing vulnerabilities in 4G and 5G cellular networks.

The GSMA, or Global System for Mobile Communications, “represents the interests of mobile operators worldwide,” and has more than 700 network providers as members, according to its website. Part of GSMA’s work is to define how networks behave and to set the standards for security and privacy algorithms. The Mobile Security Hall of Fame recognizes “security vulnerability finders that have made contributions to increasing the security of the mobile industry by submitting disclosures to the GSMA or its members.”

Hussain received this honor for the security analysis framework he developed, called ProChecker, that helps identify vulnerabilities in cellular devices and networks.

“There is a design for phones and networks that is standard to all phone manufacturers and network operators, but each manufacturer or network operator then takes that standard design and implements it,” Hussain said. “We found vulnerabilities that are very specific to design, not implementation.”

Because all phone manufacturers and network operators use the same standard design, vulnerabilities are not specific to any particular phone or service provider. The issues are with 4G and 5G protocol, making weaknesses common to all providers and phones.

The vulnerabilities that Hussain identified with his security analysis framework can be exploited by an attacker to track a user’s location and launch denial of service attacks. Particularly, for one new vulnerability, Hussain has shown that an attacker can cause essential security procedures to fail, which could allow an attacker to track an individual’s phone-level location information.

“Most of the attacks that we identified are on the device side, but to exploit the weaknesses, the interactions between both the network operator and the device are needed,” Hussain said.

The research findings will be published as part of the proceedings for the 41st IEEE International Conference on Distributed Computing Systems 2021, taking place July 7-10. Imtiaz Karim and Elisa Bertino, both of Purdue University, co-authored the paper. The findings also were reported to GSMA, which is the first step to resolving the design vulnerabilities, according to Hussain.


Share this story:

facebook linked in twitter email


Megan Lakatos