Security flaws have been discovered in both 4G and the upcoming 5G cellular networks that make it easy for an attacker to eavesdrop on your phone calls and track your location.
As TechCrunch explained today, Omar Chowdhury and Mitziu Echeverria at the University of Iowa, together with Syed Rafiul Hussain, Ninghui Li and Elisa Bertino at Purdue University, have found three new security flaws in 4G and 5G.
All four major wireless carriers in the United States suffer from these security flaws on the network end. “Any person with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the co-authors of the paper.
The paper, seen by TechCrunch prior to the talk, details the attacks: the first is Torpedo, which exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through.
The researchers found that several phone calls placed and cancelled in a short period can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim’s location.
This is terrible.
Knowing the victim’s paging occasion also lets an attacker hijack the paging channel and inject or deny paging messages, by spoofing messages like Amber alerts or blocking messages altogether, the researchers say.
Spoofing Amber alerts is a recipe for disaster. Why has this gone unnoticed for so long? Did the spy agencies know about this?
Torpedo opens the door to two other attacks: Piercer, which the researchers say allows an attacker to determine an international mobile subscriber identity (IMSI) on the 4G network; and the aptly named IMSI-Cracking attack, which can brute force an IMSI number in both 4G and 5G networks, where IMSI numbers are encrypted.
These vulnerabilities have created new attack vectors that put the latest 5G devices at risk from cell site simulators, known as stingrays, which law enforcement uses to spy on users within range.
The attacks can be carried out using equipment costing no more than $200. Almost all the cell networks outside the US are vulnerable to these attacks, in addition to many cellular networks in Europe and Asia.
A fix for these flaws will require work from the GSM Association (GSMA) and carriers. Torpedo remains the priority as it is the precursor to the other vulnerabilities. For security reasons, the researchers are not releasing the proof-of-concept code to exploit the flaws.
GSMA recognized the flaws.
Worryingly, this is the first time vulnerabilities have affected both 4G and the incoming 5G standard.