New 4G/5G flaws can reveal target’s location and intercept calls

This report comes from TechCrunch where a group of university researchers have found three major flaws in the security of 4G and 5G technologies that are susceptible to hackers gaining location information, intercepting phone calls, and targeted phishing attacks. These vulnerabilities are said to affect 4G networks and the incoming 5G network that all phone makers and industries are raving about.

The group is made up of researchers from the Universtity of Iowa (Mitziu Echeverria, Omar Chowdhury) and Purdue University (Syed Rafuil Hussain, Ninghui Li, Elisa Bertino).

The first attack is called “Torpedo” and it works by exposing a weakness in the protocol that signals a handset of an incoming call or SMS message. By placing several phone calls to the target and cancelling them within a short amount of time, a paging message is triggered without the user’s knowledge. This can then be used to track the target’s location. This paging message also reveals the channel on which the target is receiving messages, which the attacker can use to spoof Amber alert messages or block messages from arriving altogether.

Any person with a little knowledge of cellular paging protocols can carry out this attack, - Syed Rafuil Hussain

“Piercer” is another attack that’s accessed via “Torpedo”. This attack lets an offender determine the IMSI (international mobile subscriber identity) of the target on a 4G or 5G network by using a ‘brute force’ attack. This exploit puts devices at risk of stingray attacks from law enforcement. A stingray device is one which spoofs a nearby cell-tower, forcing nearby devices to connect to it. It’s believed that advanced devices of this kind are capable of intercepting calls and text messages.

Since these findings are quite dangerous if they fall in the wrong hands, the group is not releasing the proof-of-concept code used to exploit the flaws.

Instead, the flaws were reported directly to the GSMA. This is the body of the wireless industry that represents the interests of all mobile operators worldwide. It is also the same body that organizes the Mobile World Congress shows in three cities around the world. The findings will also be announced at the Network and Distributed System Security Symposium on Tuesday in San Diego.

According to the report, all four major US carriers are affected by “Torpedo” and the attack could be carried out with radio equipment costing $200. Meanwhile, one of those US carriers are vulnerable to the “Piercer” attack, though it wasn’t made clear which one. The priority remains to patch the “Torpedo” attack which opens the door for the other attacks.

We are waiting to hear a statement from the GSMA and will update this post following new developments.

Source