New security issues in 4G and 5G were discovered by a group of scientists. The three vulnerabilities could be used by hackers to intercept phone calls and track the locations of a cell phone.
According to cybersecurity experts, these are the first open vulnerabilities that affect both the 4G and the incoming 5G standard.
Expectations were the 5G standard to introduce faster speeds and better security, especially against law enforcement use of cell site simulators, known as “stingrays.” According to scientists Syed Rafiul Hussain, Ninghui Li and Elisa Bertino at Purdue University, and Mitziu Echeverria and Omar Chowdhury at the University of Iowa, however, new attacks can defeat the modern defenses whose role is to make it more difficult to snoop on phone users.
“Any person with little knowledge of cellular paging protocols can carry out this attack… such as phone call interception, location tracking, or targeted phishing attacks," Hussain says.
This team of scientists has written a paper detailing the attacks, but it has not yet been published. The first attack was called Torpedo, it exploits the vulnerability in the paging protocol that carriers use to notify a phone before a call or text message comes through. According to the discovery, several phone calls placed and canceled in a short period can trigger a paging message without alerting the attacked device to an incoming call. Hackers can exploit this vulnerability to track the location of the victim and to take control of the paging channel, to inject or deny paging messages, etc.
Torpedo, however, allows two more attacks - Piercer and IMSI-Cracking. Through Piercer, hackers could determine an international mobile subscriber identity (IMSI) on the 4G network, and using IMSI-Cracking attack hacker is able to brute force an IMSI number in both 4G and 5G networks, where IMSI numbers are encrypted.
Hussain also says the team's discovery exposes cybersecurity even on the newest 5G-capable devices, and that Torpedo affects the four major US operators - AT&T, Verizon, Sprint and T-Mobile.
More worrying, however, is that Torpedo attack can be done with radio equipment costing merely $200. So far, experts have found that one American network is vulnerable to Piercer attack, and there is no official comment from any of the four large companies.
The group of researchers is not releasing the proof-of-concept code until the problem is fixed, as its exploitation can lead to very serious and large-scale damage.
Experts have reported the vulnerabilities to the mobile operators' organization GSMA. GSMA has acknowledged the vulnerabilities but has not yet come up with an official statement. It is not known also when those issues will be fixed.