Major security flaws discovered in 4G and 5G

null

Researchers have uncovered a number of major security holes in the communications protocols governing 4G and 5G networks. 

The flaws could allow an attacker, even not one necessarily highly skilled or educated, to intercept phone calls and track the victim's location.

The flaw was uncovered by Ninghui Li and Elisa Bertino at Purdue University, and Mitziu Echeverria and Omar Chowdhury at the University of Iowa.

The three flaws that they have uncovered are called Torpedo, Piercer and IMSI-Cracking.

Torpedo is used to track the victim's location, and it works by calling, and cancelling, multiple calls in a short period. That can trigger a paging message which the attackers can use to track the location.

Piercer, which allows an attacker to determine an international mobile subscriber identity (IMSI) on the 4G network, becomes available if Torpedo is executed correctly. Finally, IMSI-Cracking can brute force an IMSI number in both 4G and 5G networks, where IMSI numbers are encrypted.

All things combined, 4G and 5G devices become susceptible to the so-called stingrays - cell site simulators used by law enforcement agencies.

The researchers had reached out to GSMA, which acknowledged the bugs, but for the time being, we don’t know how or when it will be fixed.

You can read more about the flaws on this link.

Image Credit: Geralt / Pixabay

Topics

4g
5g