Security researchers have found three new security flaws in 4G and 5G, which could be exploited to intercept the phone calls and track the location of a cell phone.
Discovery of the flaws is said to be a huge set back for both 4G and the new 5G technology, which is much more faster, and has better security, it is particularly against the enforcement law of cell site simulators, known as “stingrays.”
“Any person with a little knowledge of cellular paging protocols can carry out this attack,” said Syed Rafiul Hussain, one of the co-authors of the paper, said in an Email interview with TechCrunch.
The team includes Syed Rafiul Hussain, Ninghui Li and Elisa Bertino from the Purdue University, and Mitziu Echeverria and Omar Chowdhury from the University of Iowa. They have revealed their findings at the Network and Distributed System Security Symposium in San Diego on Tuesday.
The paper includes details of the attacks that could be implemented. The first is "Torpedo, which exploits a weakness in the paging protocol that carriers use to notify a phone before a call or text message comes through. The researchers found that several phone calls placed and canceled in a short period can trigger a paging message without alerting the target device to an incoming call, which an attacker can use to track a victim’s location. Knowing the victim’s paging occasion also lets an attacker hijack the paging channel and injector deny paging messages, by spoofing messages like Amber alerts or blocking messages altogether," reported by TechCrunch.
According to security experts, most of the operators in the US including AT&T, Verizon, Sprint and T-Mobile are affected by Torpedo, and the attacks can be carried out with radio equipment costing as little as $200.