Attackers can intercept calls and track phones in 4G, 5G


Academics at Purdue University and the University of Iowa have found three new security flaws in 4G and 5G. These flaws can be used to intercept phone calls and track the location of cell phone users.

These findings mark the first time that vulnerabilities have affected both 4G and the incoming 5G. 5G promises faster speeds and better security, especially against law enforcement and their use of cell site simulators known as “stingrays.” Unfortunately, the researchers say that the new attacks on 4G and 5G can defeat the newer protections that were believed to make it more difficult to snoop on phone users.

Syed Rafiul Hussain, one of the researchers, stated to TechCrunch that “Any person with a little knowledge of cellular paging protocols can carry out this attack.”

Hussain, along with Elisa Bertino and Ninghui Li at Purdue University, and Omar Chowdhury and Mitziu Echeverria at the University of Iowa, presented their findings today at the Network and Distributed System Security Symposium in San Diego.

Their paper details the attacks. The first attack is called Torpedo. It exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through. The researchers found that if several phone calls are placed and cancelled in a short period, a paging message can be triggered without alerting the target device to an incoming call. The attacker can then hijack the paging channel and inject or deny paging messages, either by spoofing messages like Amber alerts or by blocking messages altogether.

Torpedo opens the door to two other attacks. The first, Piercer, allows an attacker to determine an international mobile subscriber identity (IMSI) on the 4G network. The second, the IMSI-Cracking attack, can brute-force an IMSI number in both 4G and 5G networks, where the numbers are encrypted.

This puts even the newest 5G-capable devices at risk from stingrays. Law enforcement uses stingrays to identify someone’s real-time location and log all the phones within their range. Some of the more advanced devices are also believed to be able to intercept calls and text messages.

According to Hussain, all four major U.S. operators are affected by Torpedo. The attacks on the AT&T, Verizon, Sprint, and T-Mobile networks can be carried out with radio equipment that costs as little as $200. One of the U.S. networks is also vulnerable to the Piercer attack.

The flaws have been reported to the GSM Association (GSMA). The GSMA is an industry body that represents mobile operators. The Torpedo and IMSI-Cracking flaws will need to be fixed by the GSMA, whereas a fix for Piercer depends solely on the carriers. Torpedo remains the priority, of course, as it is the precursor of the other flaws. It is unknown when the flaws will be fixed.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648