Skip to main content

Major security flaws discovered in 4G and 5G

(Image credit: Image Credit: Geralt / Pixabay)

Researchers have uncovered a number of major security holes in the communications protocols governing 4G and 5G networks. 

The flaws could allow an attacker, even not one necessarily highly skilled or educated, to intercept phone calls and track the victim's location.

The flaw was uncovered by Ninghui Li and Elisa Bertino at Purdue University, and Mitziu Echeverria and Omar Chowdhury at the University of Iowa.

The three flaws that they have uncovered are called Torpedo, Piercer and IMSI-Cracking.

Torpedo is used to track the victim's location, and it works by calling, and cancelling, multiple calls in a short period. That can trigger a paging message which the attackers can use to track the location.

Piercer, which allows an attacker to determine an international mobile subscriber identity (IMSI) on the 4G network, becomes available if Torpedo is executed correctly. Finally, IMSI-Cracking can brute force an IMSI number in both 4G and 5G networks, where IMSI numbers are encrypted.

All things combined, 4G and 5G devices become susceptible to the so-called stingrays - cell site simulators used by law enforcement agencies.

The researchers had reached out to GSMA, which acknowledged the bugs, but for the time being, we don’t know how or when it will be fixed.

You can read more about the flaws on this link (opens in new tab).

Image Credit: Geralt / Pixabay

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.