Flaws in 4G and 5G allow snooping on calls, pinpointing device location
Researchers say the threat is real.
Steven MusilNight Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
ExpertiseI have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Newly discovered security flaws in the 4G and the emerging
cellular networks can be used to intercept phone calls and track the location of mobile devices, researchers say.
The trio of attacks, discovered by a group of academics, is believed to be the first time vulnerabilities have been uncovered that affect both the most widely used wireless cellular technology and the one hailed as its super-speedy and more secure successor, according to TechCrunch, which detailed the flaws ahead of their reveal Tuesday.
The researchers' three-pronged attack is described in a paper to be presented at the Network and Distributed System Security Symposium in San Diego.
The first attack, dubbed Torpedo, exploits a weakness in the standards' paging protocol used to notify phones of an incoming call or text message before it arrives, the researchers said. Multiple calls made in a short duration could allow a nearby attacker to pinpoint the device and send fake text messages and mount a denial-of-service attack.
The paper, authored by researchers at Purdue University and the University of Iowa, contends that Torpedo sets the sage for two additional exploits, It's "plausible," they say, for an attacker to access a victim device's ISMI -- the unique number identifying the GSM subscriber's device -- with a brute-force attack called IMSI-Cracking. A third attack, called Piercer, pairs the ISMI with the victim's phone number, allowing user location tracking, they said.
The exploits are legit, the researchers say.
"All of our attacks have been validated and evaluated in the wild using commodity hardware and software," researchers said in their paper.
That means even the latest cellular protocol is vulnerable to Stingrays -- surveillance tools used by the FBI and police across the US to surreptitiously track the locations of cell phones and other mobile devices.
The Torpedo attack can be carried out with radio equipment costing as little as $200 and affects all four major US wireless carriers, researchers told TechCrunch.
A Verizon representative said the carrier has reviewed the paper and is evaluating it with its vendors and with standards body organizations to determine the best approach.