Security flaws in 4G and 5G allow snooping on phone users

Phone mast

Phone mast

Syed Raiful Hussain, Ninghui Li, Elisa Bertino, Mitziu Echeverria and Omar Chowdhury all contributed to a research paper titled "Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information" which details how these new vulnerabilities can defeat even the latest protections in 5G created to make it more hard to spy on mobile users.

Newly discovered security flaws in the 4G and the emerging 5G cellular networks can be used to intercept phone calls and track the location of mobile devices, researchers say.

The researchers are set to reveal their findings at the Network and Distributed System Security Symposium in San Diego this week. The researchers also said that the new attack methods they developed can beat new protection measures. All four of the largest USA carriers (AT&T, Sprint, T-Mobile and Engadget parent Verizon) are susceptible to Torpedo, while one unnamed network could also fall prey to Piercer. The three flaws are called Torpedo, Piercer, and IMSI-Cracking attack. These kinds of attacks can be conducted on AT&T, Verizon, Sprint, and T-Mobile phones, showing that the supposedly more security 4G and 5G are "just as vulnerable" as their "3G predecessor", TechCrunch writes. The nature of these attacks means devices on 5G, along with the already widespread 4G, can be infiltrated with simple radio equipment that costs around $200, TechCrunch explains.

Next Porsche Macan Will Be Fully Electric, Coming After 2020
Specific details are slim as of now, Porsche only confirming the Macan will have 800-volt charging technology. Production of the electric Macan "will begin early in the next decade" at a plant in Germany, Porsche said.

The first attack, dubbed Torpedo, exploits a weakness in the standards' paging protocol used to notify phones of an incoming call or text message before it arrives, the researchers said.

According to one of the co-authors Syed Rafiul Hussain, the attack can be carried out by anyone who is well-versed with cellular paging protocols.

After understanding the victim's paging period, the attacker can hijack the paging channel and inject or reject the paging message by sniffing the Aberdeen alert or other information or completely blocking the information. Piercer allows the hacker to know an worldwide mobile subscriber identity (IMSI) on the 4G network; and the IMSI-Cracking attack decrypts the IMSI number in both 4G and 5G networks. These flaws put phones at risk from stingrays - a term used by law enforcement to identify real-time location and intercept phone calls and texts as well.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.