Scholars from the University of Iowa and Purdue University were recently involved in a research to confirm the possibility of any security flaws in the 4G network and the newly launched 5G network. The results are not that great as it is clear that these networks are not as secure as everyone had hoped and thought. The research was presented at the Network and Distributed Security System Symposium in Sandiego in a document titled, “Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information” which describes the new flaws that would be a huge blow to even the recent security features in the 5G network.
The academics, Syed Raiful Hussain, Ninghui Li, Elisa Bertino, Mitziu Echeverria and Omar Chowdhury involved in the expedition, revealed this security faults for the first in the two networks that would be used by attackers to spy on mobile subscribers referred to as ‘stingrays’.
In the document, two attacks were described, the first known as ‘Torpedo’, that exposes the network to weaknesses in the paging protocol used by conveyors to inform a phone of an incoming call or text message. The document did report the possibility of a hacker tracking a user’s location in the instance of numerous cancelled calls that can cause a summon message without notifying the target device of an incoming call. The incomplete call then helps the hacker to find out the victim’s paging location. Once the attacker has access to the paging location /address, they can now either inject their own messages into the paging channel or even block incoming notifications or both.
Other than that, a ‘Piercer’ can also be launched that makes it easy to get the International Mobile subscriber identity (IMSI) of the victim. This can then be followed by ‘IMSI-Cracking’ where the attacker forces an IMSI number on the 4G and 5G networks where those numbers are encrypted. All these attacks are however totally dependent on the hacker’s ability to inject a Torpedo in the paging channel.
This report has come as a surprise since it places all the newest 5G-capable devices that have not even been launched for sale at a risk from the stingrays. This also includes all the phones of the last decade. The report also claimed that the attack can be successfully done with just $200 worth of radio equipment. Luckily, the researchers never released any program evidence of the attack lest anyone dares to get it to actual use on the already 4G network existing. About all mobile networks over the world have been reported to be prone to these vulnerabilities
It has been reported that the research has been given to GSMA, the industry representing mobile networks globally, who are actually responsible for fixing the flaws and well-likely to fix the Torpedo and IMSI-Cracking risks first. With the Torpedo being the very priority of flaws to be fixed, mobile carriers will be the ones up to task to fix this crown vulnerability.