New security flaws that have been discovered in both 4G and the upcoming 5G cellular networks make it easy for an attacker to eavesdrop on your phone calls and track your location.
As TechCrunch explained today, Omar Chowdhury and Mitziu Echeverria at the University of Iowa and Syed Rafiul Hussain along with Ninghui Li and Elisa Bertino at Purdue University, have found three new security flaws in 4G and 5G.
All four major wireless carriers in the United States suffer from the vulnerabilities on the network end. “Any person with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the co-authors of the paper.
The paper, seen by TechCrunch prior to the talk, details the attacks: the first is Torpedo, which exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through.
The researchers found that several phone calls placed and cancelled in a short period can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim’s location.
This is terrible.
Knowing the victim’s paging occasion also lets an attacker hijack the paging channel and inject or deny paging messages, by spoofing messages like Amber alerts or blocking messages altogether, the researchers say.
Spoofing Amber alerts is a recipe for disaster. Why has this gone unnoticed for so long? And more importantly, did the spy agencies know about any of this?
Torpedo opens the door to two other attacks: Piercer, which the researchers say allows an attacker to determine an international mobile subscriber identity (IMSI) on the 4G network; and the aptly named IMSI-Cracking attack, which can brute force an IMSI number in both 4G and 5G networks, where IMSI numbers are encrypted.
The vulnerabilities open new vectors for attack and put the latest 5G devices at risk of attacks via cell site simulators, known as stingrays, that law enforcement use to spy on nearby devices.
The attacks can be carried out using the equipment costing no more than $200. Almost all the wireless cellular networks outside the United States are vulnerable to these attacks, as are many cellular networks operating in Europe and Asia.
A fix for these flaws will require work from the GSM Association (GMA) and carriers. Torpedo remains the priority as it precursors the other vulnerabilities. For security reasons, the researchers have opted against releasing the proof-of-concept code to exploit the flaws.
GSMA recognized the flaws.
Worryingly, this is the first time vulnerabilities have affected both 4G and 5G standards.