A group of academics from the University of Iowa has discovered three flaws in both 4G and 5G networks which could allow attackers to intercept phone calls and track the location of smartphones. Published in a report picked up by TechCrunch, this is believed to be the first major vulnerability in 4G and 5G networks identified in recent times.
The first of the flaws open up the possibility for an attack known as “Torpedo.” This takes advantage of a protocol that is used by major cellular networks whenever a phone is pinged before a call or text message is sent to it. According to the report, placing several phone calls and canceling them over a short a short period can lead to a paging message that can be exploited to track back the location of a smartphone. This also could allow an attacker to, in turn, leverage the paging channel and generate fake messages or block SMS messages altogether.
“Additionally, for a targeted attack, if the attacker is aware of the victim’s often visited locations, then the attacker can set up sniffers on those locations to create the victim’s cell level mobility profile. Torpedo can also enable the attacker to detect the connection status of the victim’s device leading to privacy issues,” explains the report.
Torpedo is the prerequisite for the second and third attacks. Known as “Piecer,” the second attack allows attackers to uncover the international mobile subscriber identity (IMSI) or network identity of a cellphone attached to a 4G network. The final of the attacks is known as an IMSI cracking attack, which forces and unencrypts an ISMI number on either a 4G or 5G network.
According to TechCrunch, these types of attacks also show that even new 5G devices are at risk from the use of stingrays, the devices which authorities often leverage to track down the location of a specific cell phone. T-Mobile, AT&T, Verizon, and Sprint are all impacted by these three attacks, including their networks in both Europe and Asia. All of the flaws were reported to GSMA, a group which represents the interests of mobile operators worldwide. Fixes for Torpedo are the responsibility of the GSMA, and Piecer attack will have to be addressed by individual carriers.