Serious vulnerability found in 4G and 5G
With each generation of new cellular network technology, engineers have tried to eliminate security flaws that plagued the earlier version. Third generation networks were vulnerable to an exploit in Signaling System 7, a protocol used by telecommunications companies to route text messages and phone calls. 4G was designed to mitigate these flaws, but recent studies have found that it is just as vulnerability-ridden as its predecessor. Now, researchers have discovered a new issue in 4G and the upcoming 5G technology that allows attackers to intercept phone calls, text messages, and track users’ locations in real-time.
In a paper presented at the Network and Distributed System Security Symposium in San Diego on Feb. 26, researchers from Purdue University and the University of Iowa revealed Torpedo, an exploit in the paging protocol that mobile carriers use to notify devices of incoming calls and texts. Several phone calls placed and cancelled within a short interval allow a hacker to send a faux paging message, track a user’s location, and hijack the paging channel to inject or deny messages. Additionally, Torpedo puts even the latest 5G devices at risk from Stingrays, fake cell networks used by law enforcement officials to survey phones in an area and log users’ locations.
According to Syed Rafiul Hussain, one of the co-authors of the paper, all four major carriers in the United States, as well as most networks in Europe and Asia, are affected by Torpedo. “Any person with a little knowledge of cellular paging protocols can carry out this attack… such as phone call interception, location tracking, or targeted phishing attacks,” Hussain told TechCrunch. It would only take $200 of radio equipment, but the researchers refuse to provide proof-of-concept code due to the nature of the flaws.
The vulnerabilities were reported to the GSMA, the industry body that represents mobile phone carriers. However, the GSMA has not responded to the study, and a fix could take months or even a new generation of cellular technology.