Security flaws in 4G and 5G can make it easier to intercept phone calls of users and also track their location. According to researches, for the first time such vulnerability is identified, in both 4G and upcoming 5G, that is considered much secure and faster in speed than before.
It was believed that tracking calls of users will be much difficult now, but a new attack by the researchers was able to show flaws in the newly promised protections.
This research was carried out by Syed Rafi-ul-Hussain, Nighui Li along with Elisa Bertino at Purdue University and Mitziu Echeverria and Omar Chowdhary at the University of Iowa, who will present their findings at Network and Distribution System Security Symposium in San Diego.
According to Syed Rafi-ul-Hussain, anyone with minor knowledge about cellular paging protocol can carry out these attack. The first attack is Torpedo, in which paging protocol that is used by carriers to notify device prior to call or message is received, is exploited through its weakness. When numerous calls are canceled in a short period, a paging message is triggered to an incoming call, without any warning to the targeted device, and this can be used by attackers to locate the location of a victim. An attacker can send to delete the paging message, hijack the paging channel, or block messages after getting hold of victim’s paging occasion.
Hussain said that these flaws in 4G and 5G standard have made many phone networks, especially in Europe and Asia, which are vulnerable to these attacks. The researchers decided not to give out the proof-of-concept code, considering the outcomes and sensitivity of exploitation.
4G was meant to be more secure than 3G, and 5G was promising to overcome the rest of the vulnerabilities. But in reality, nothing seems to be in place as per expectations.
Hussain said the flaws are reported to an industry body representing mobile operators, GSMA, which will fix Torpedo and IMSI-Cracking attack. Whereas, Piercer can only be fixed by carriers, but the focus is on Torpedo, which is the basic cause of the other two attacks.
Photo: Robyn Beck/Getty Images
It was believed that tracking calls of users will be much difficult now, but a new attack by the researchers was able to show flaws in the newly promised protections.
This research was carried out by Syed Rafi-ul-Hussain, Nighui Li along with Elisa Bertino at Purdue University and Mitziu Echeverria and Omar Chowdhary at the University of Iowa, who will present their findings at Network and Distribution System Security Symposium in San Diego.
According to Syed Rafi-ul-Hussain, anyone with minor knowledge about cellular paging protocol can carry out these attack. The first attack is Torpedo, in which paging protocol that is used by carriers to notify device prior to call or message is received, is exploited through its weakness. When numerous calls are canceled in a short period, a paging message is triggered to an incoming call, without any warning to the targeted device, and this can be used by attackers to locate the location of a victim. An attacker can send to delete the paging message, hijack the paging channel, or block messages after getting hold of victim’s paging occasion.
Also Read: Beware! Password Managers Are Not As Safe As You ThinkTorpedo leads to two other attacks; Piercer and IMSI-Cracking attack. The piercer is used to determine IMSI (International Mobile Subscriber Identity. While IMSI-Cracking attack, as the name suggests, is used to brute force IMSI number, which is encrypted in 4G and 5G. Law enforcement uses this to detect locations and trace phone logs, making 5G more insecure.
Hussain said that these flaws in 4G and 5G standard have made many phone networks, especially in Europe and Asia, which are vulnerable to these attacks. The researchers decided not to give out the proof-of-concept code, considering the outcomes and sensitivity of exploitation.
4G was meant to be more secure than 3G, and 5G was promising to overcome the rest of the vulnerabilities. But in reality, nothing seems to be in place as per expectations.
Hussain said the flaws are reported to an industry body representing mobile operators, GSMA, which will fix Torpedo and IMSI-Cracking attack. Whereas, Piercer can only be fixed by carriers, but the focus is on Torpedo, which is the basic cause of the other two attacks.
Photo: Robyn Beck/Getty Images