Hackers can use these 4G, 5G vulnerabilities to track you
Security researchers have identified critical vulnerabilities in 4G and 5G networks, bugs that allow hackers to intercept phone calls and use them to track locations. The attack methods require some technical knowledge but can give away your location easily if executed successfully. Not to mention, this can also lead to a significant rise in government tracking attempts. Here's more on the flaws.
Paging protocol bug in 4G and 5G
Speaking to TechCrunch, the researchers detailed the attacks stemming from the vulnerabilities. The first, called Torpedo, revolves around exploiting a weakness in the paging protocols used by carriers to notify a phone about an incoming call/message. They discovered that making multiple calls and canceling them over a short period triggers a paging message without alerting the device of an incoming call.
Then, the call can be used for tracking
Once an attacker manages to exploit the bug to send a call without alerting the targeted device, they could use it to track the location of the device. However, they didn't give an exact explanation for how that would happen.
Plus, Torpedo opens gates for two other bugs
The research group, which will present their findings at the upcoming Network and Distributed System Security Symposium, noted that the Torpedo attack also opened gates for two other attacks. The first attack, named Piercer (on 4G), gives away unique IMSI numbers used to identify users of a network, while the second (4G, 5G) revolves around cracking the same encrypted number through a brute-force technique.
This information also enables real-time tracking
Just like the first attack, the information from these two attacks also allows intruders to intercept calls and track the real-time location of their targets. In this case, the attacker would have to use site simulators like Stingrays used by the US government.
Is everyone affected from this bug?
The researchers have emphasized that almost all 4G and 5G networks across the globe appear to be affected by this bug. In the US alone, carriers like AT&T, Sprint, T-Mobile, and Verizon have been impacted by Torpedo. Syed Rafiul Hussain, a researcher involved in the work, told TechCrunch that "any person with a little knowledge of cellular paging protocols can carry out this attack".
Fix may come soon
Having said that, it is important to note that all three attacks have been reported to the GSMA, the industry body representing cellular networks. The organization, according to the researchers, has recognized the bugs, but it still remains unclear when a fix might be released. They think the body should fix Torpedo first as it leads to the other two attacks.
Meanwhile, India inches closer to 5G
The report comes just as telecom giants and gear makers continue to carry out tests to set up 5G infrastructure in India. They plan to make the next-gen network available in 2020, following spectrum auction, equipment testing, and ecosystem development by the end of this year. Notably, 5G will connect to the internet in 1 millisecond and offer 10-100 times faster speeds than 4G.