The standards body in charge of 5G—the 3rd Generation Partnership Project, or 3GPP—has improved AKA to mitigate those well-known privacy issues. However, the researchers say, they have been able to find a new vulnerability that affects all versions of the AKA, including in the upcoming 5G standard. And what's more, the researchers say that this new attack "breaches subscribers' privacy more severely than known location privacy attacks do."

The newly discovered vulnerability allows an attacker who can intercept mobile traffic in the area (meaning anyone with a software-defined radio costing around $500) to monitor individual subscriber activity, such as the number of outgoing calls or SMSs sent in a given amount of time (but not the metadata or contents of the messages.) On top of that, the technique can tell an attacker how many calls or text messages an individual victim sent even if the victim is not near the attacker when the calls or texts are sent. Instead, after the first time the victims enters the attack area and subsequently leaves the area, even past call and text activity would become vulnerable as soon as the victim and their device re-enters the attack area.

[...] It's important to keep in mind here that, for cases of lawful intervention from law enforcement agencies, there are better ways than this attack technique to get location information, such as getting a warrant and getting the information directly from the phone companies. People working outside the legal system, such as spies and criminals, cannot get warrants and cannot typically work directly with the phone companies. Law enforcement does not need the location-finding capabilities of an IMSI catcher unless they are trying to circumvent the legal system.