A group of academics have found new security flaws in 4G and 5G, which they say can be used to phone cell phone users.
4G and the incoming 5G standard, which promises faster speeds and better security, especially against cell site simulators known as "stingrays."
"Anyone with a little knowledge of cellular paging protocols can carry out this attack," said Syed Rafiul Hussain, one of the co-authors of the paper, told TechCrunch in an
Hussain, along with Ninghui Li and Elisa Bertino at Purdue University, and Mitziu Echeverria and Omar Chowdhury at the University of Iowa are set to reveal their findings at the Network and Distributed System Security Symposium in San Diego on Tuesday.
Syed Rafiul Hussain, Syed Rafiul Hussain, Purdue University
The paper, taken by TechCrunch, gives a discussion of the attacks: the first is torpedo, which explodes in the paging protocol. can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim's location. Knowing the victim's paging occasion so lets attacker hijack the paging channel and injects paging messages, spoofing messages like […]
Torpedo opens the door to two other attacks: Piercer, which the researchers say allows to attack to determine an international mobile subscriber identity (IMSI) on the 4G network; IMSI cracking attack, which can brute force an IMSI number in both 4G and 5G networks, where IMSI numbers are encrypted.
That puts the newest 5G-capable devices at risk from stingrays, said Hussain, which law enforcement use to identify someone's real-time location and log on the phone. Some of the more advanced devices are believed to be intercepting calls and text messages, he said.
According to Hussain, all four major U.S. operators – AT & T, Verizon (which owns TechCrunch), Sprint and T-Mobile – are affected by Torpedo, and the attacks can be carried out with radio equipment costing little as $ 200. One U.S. network, which he would not name, so vulnerable to the Piercer attack.
We just got the big four cell giants If that changes, we'll update.
Given two of the attacks exploit flaws in the 4G and 5G standards, almost all the cell networks outside the U.S.. are vulnerable to these attacks, Hussain said. Some networks in Europe and Asia are vulnerable.
It's the latest blow to cellular network security, which has faced intense scrutiny no more so than in the last year for flaws that have allowed the interception of calls and text messages. Vulnerabilities in Signaling System 7, are under active exploitation by hackers. While 4G is meant to be more secure, it shows that it's just as vulnerable as its 3G predecessor.
Hussain said the flaws were reported to the GSMA, to industry body that represents mobile operators. GSMA recognizes the flaws, but a spokesperson
Hussain said the torpedo and IMSI cracking flaws would have to be fixed by the GSMA, whereas a fix for piercers depends solely on the carriers.
The paper comes almost exactly a year after Hussain et al revealed separate weaknesses in 4G LTE that allowed eavesdropping on phone calls and text messages , and spoofing emergency alerts.