Purdue University researchers Syed Rafiul Hussain, Ninghui Li and Elisa Bertino, alongside University of Iowa researchers Mitziu Echeverria and Omar Chowdhury, are about to publish a scientific paper demonstrating new 4G and 5G vulnerabilities. The paper will be presented for the first time at the Network and Distributed System Security Symposium, which takes place in San Diego, California.
According to TechCrunch, which got access to the paper before its publication, 4G and 5G networks can be exploited to compromise users' privacy. Syed Hussain says that “anyone with a bit of knowledge about cellular network protocols can initiate such an attack” with the right tools.
In the last few years, Stingray devices used by law enforcement officers have relied on similar vulnerabilities to find out the geo-location of users and to monitor the list of calls that happen within range of the device. Although there is currently no proof of more advanced devices, researchers think that there might be some tools that can even intercept text messages and calls.
The new vulnerabilities discovered by Hussain’s team rely on a “Torpedo” attack, which places and cancels a call to the target device multiple times, thus exposing a vulnerability in the network’s paging system. Basically, the initiator of the attack can send a text message to the target device without the device recording a call. From here, the call can easily be tracked, and the attacker can even send fake messages, including through the Amber alert system, or block incoming messages.
The Torpedo attack opens the way to two other types of attack. The first is Piercer, which can be used to detect the identity of the device by revealing its unique IMSI code; this attack only works on 4G networks. The second is IMSI-Cracking, which can find out the IMSI code through “brute force”. This attack works on both 4G and 5G networks, even though the IMSI is encrypted on both network types.
So, despite the fact that 5G networks should be more secure than 4G networks, they are still vulnerable to attacks that worked on old-generation telecom antennas. Basically, Stingray devices can easily be adapted to target 5G networks, thus allowing law enforcement agencies to find out the geo-location of people who are using 5G equipment.
The researchers conducted this study in the United States, where all four major networks are vulnerable to the Torpedo attack. One of them is also vulnerable to the Piercer attack, but it was not revealed which one. Hussain said that networks in Europe and Asia are also vulnerable.
Because these new 4G and 5G vulnerabilities are very important, the researchers have informed the GSMA (the world organization representing mobile operators). The GSMA acknowledged these problems, but it is not clear whether they will be fixed or not. Because 5G networks are still not switched on, the problems might be fixed before the official release.
The researchers will publish the scientific paper, but not the code they used to prove the vulnerabilities, as Torpedo, Piercer and IMSI-Cracking are much too dangerous in the wrong hands.
According to Hussain, a device that is capable of doing all these attacks costs approximately $200.
While the IMSI-Cracking and Torpedo vulnerabilities can only be fixed by the GSMA, the Piercer vulnerability can only be fixed by mobile operators.