Feb 28 2019
According to a research team at Purdue University and the University of Iowa, recently discovered susceptibilities in 5G and 4G networks could be used for intercepting phone calls and tracking the locations of users.
Compared to earlier generations, 5G has promised to be faster and should also be more secure. However, it is hardly reassuring that such serious vulnerabilities have been identified in the latest networks—the 5G standard, in particular, was created to protect against these kinds of threats in a much better way, reported Wired.
5G is trying to enforce stronger security and privacy policies than predecessors. However, it inherits many of its characteristics from previous generations, so it’s possible that vulnerabilities that exist in those generations will trickle down to 5G.
Syed Rafiul Hussain, Postdoctoral Researcher, Department of Computer Science, Purdue University
By simply scanning for texts, incoming calls, and other notifications intermittently, cellular networks try to conserve energy as much as possible. The duration of time at which the device searches for incoming communications, called the paging occasion, are permanently fixed; they are engineered into the 5G or 4G cellular protocol. In case a number of calls are placed and canceled in a brief duration of time, and when the incoming messages are not being scanned by the device, a paging message can be activated without having to notify the device.
In a “torpedo” attack—dubbed by the researchers—this paging message can be used by adversaries to track the location of a victim, and fake paging messages can be subsequently injected and texts and calls can be stopped from coming in. The study findings were presented at the Network and Distributed Security Symposium conducted in San Diego, on Tuesday.
“It doesn’t require an experienced hacker to perform this attack,” stated Hussain. “Anyone with a little knowledge of cellular paging protocols could carry it out.”
In addition, torpedo gives way to two other attacks—one that enables attackers to acquire the international mobile subscriber identity (IMSI) of the device on 4G networks, and another that enables hackers to acquire the “soft identities” of a victim, like Twitter handle or phone number, on 5G and 4G networks.
“The IMSI-Cracking attack is a huge blow for 5G because it bypasses the network’s new security policies to protect users’IMSIs from exposure,” stated Hussain.
According to the study, the torpedo can be performed through the networks of all four leading cellular companies in the United States, like AT&T, T-Mobile, Verizon, and Sprint.
Hussain informed that Piercer, the attack that can link the phone number of a victim with its IMSI and enable targeted location tracking, may soon be fixed by the networks sensitive to it. The industry group overseeing the development of GSM, the mobile data standards, is currently working to fix torpedo.
Unfortunately, their proposed fixes are still vulnerable to the torpedo attack, which could have a lasting effect on the privacy of 5G users.
Syed Rafiul Hussain, Postdoctoral Researcher, Department of Computer Science, Purdue University