2 min

A group of scientists found three new security problems in 4G and 5G. According to the scientists, this enables hackers to intercept telephone calls and track the location of smartphone users. That’s what TechCrunch reports.

This would be the first time that vulnerabilities affect both 4G and the upcoming 5G. This new mobile Internet standard must offer higher speeds and better security. However, the researchers argue that the new attacks can also defeat newer protections that were intended to make it more difficult to spy on users.

“Anyone with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the researchers.

Attacks

So there are a total of three attacks. The first is Torpedo, which exploits a vulnerability in the paging protocol. This protocol is used by providers to notify a phone before a call or SMS arrives.

The researchers discovered that various phone calls placed and stopped in a short period of time can trigger a paging message without notifying the target of an incoming call. It allows an attacker to track a victim’s location. It is also possible to take over the channel and add or reject messages.

Torpedo also opens the door to two other attacks: Piercer and the IMSI-Craking attack. With Piercer, a hacker can recognize an international mobile subscriber identity (IMSI) on the 4G network. With the IMSI-Cracking attack it is possible to brutally force an IMSI number on both 4G and 5G, where the numbers are encrypted.

This makes it possible to spy on devices, even the latest versions. The four largest providers in America – AT&T, Verizon, Sprint and T-Mobile – have been hit by Torpedo. It is not clear how this works for Dutch providers.

Reported

The vulnerabilities have been reported to the GSMA, a representative of providers. The organization recognizes the seriousness of the vulnerabilities, but could not yet respond to them. It is not yet known when the problems will be solved. According to the researchers, the Torpedo and IMSI Tracking vulnerabilities must be solved by the GSMA. A solution for Piercer lies with the providers.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.