A team of researchers from Purdue University and University of Iowa have revealed three attacks which allow hackers to intercept phone calls and track a phone's location in real time on 4G and 5G networks
Highlights
- Vulnerability allows attackers to track phone's location
- Additional attacks could let hackers intercept phone calls and messages
- Vulnerability impacts both 4G and 5G networks
A group of academic researchers from Purdue University and the University of Iowa have revealed vulnerabilities in 4G and 5G infrastructure that allow those with malicious intent to track the location of any mobile phone. More worrisome is their claim that the vulnerabilities they have discovered could also allow hackers to intercept phone calls.
This is supposedly the first time a vulnerability has been discovered that impacts both 4G and the upcoming 5G standard. Besides higher data speeds and lower latencies, 5G also promised improved security, which this new flaw seems to be able to circumvent. The researchers are to present their paper on the topic at the Network and Distributed System Security Symposium in San Diego. TechCrunch has had early access to the paper, and have had a look at how the three attacks work to achieve their goal.
The first attack is called Torpedo and exploits the paging protocol which carriers use to notify the phone about an incoming text or call before it is received. The attack involves calling the target phone a number of times in short duration, which triggers a paging message without alerting the target device to an incoming call. This, an attacker can use to track a victim’s location.
Torpedo further allows two more attacks; Piercer and IMSI-Cracking attack. The former refers to the attack's ability to identify the International Mobile Subscriber Identity of a cellphone. IMSI is supposed to be encrypted. The IMSI Attack can further use brute force against the IMSI number, which allows the attacker to track a phone’s location and intercept calls and messages.
The researchers say that the flaws were reported to GSMA, the body that represents mobile operators, but received no comment. According to the researchers, the Torpedo attack would be the first priority to address, since that is the gateway for the other two attacks. After that, the GSMA would need to address the IMSI attack while the operators would be responsible for fixing the vulnerability that allows the execution of the Piercer attack.
Related Read: Qualcomm Snapdragon X55 5G modem launched with 4G/5G support, Samsung to debut it in 2020
Follow Us
Digit NewsDesk
Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile
