Researchers discover 4G, 5G network flaws that let hackers intercept your calls, track live location

“The security report highlights the key vulnerabilities of surveillance and interception, which even the upcoming 5G networks will be susceptible to.”

Three newly found security flaws in 4G and 5G networks could prove critical, as they can be used to intercept phone calls and track users' live location data. A TechCrunch report on the security analysis paper, submitted by a group of researchers (Syed Rafiul Hussain, Ninghui Li and Elisa Bertino from Purdue University, and Mitziu Echeverria and Omar Chowdhury from the University of Iowa) at the Network and Distributed System Security (NDSS) Symposium 2019, throws light on these flaws and highlights the critical potential of each.

All of the findings are reportedly first-time occurrences on both 4G and 5G networks, from what sources have revealed so far. What makes them more critical is how easily they can be leveraged by those with malicious intent, which makes it imperative to fix them before a major hack is carried out across multiple regions globally. Syed Rafiul Hussain, one of the co-authors of the paper, has even said that anyone with a basic understanding of the cellular paging protocols can carry out these attacks.

Paging hack

The three attacks are called ‘Torpedo’, ‘Piercer’ and ‘IMSI-Cracking’, with two of these three attacks being tied to the overall networks, and hence capable of affecting practically any device globally.

For Torpedo, the attack leverages a paging notification that a network sends to a device before a phone call or text message is delivered. When multiple calls to a user’s device are initiated and cancelled without actually being completed, a similar paging notification is triggered towards the target’s device, without delivering the notification of an incoming call. This allows the attacker to gain a connection to the target’s device and procure their live location, which is a major privacy breach. The Torpedo attack further allows attackers to insert counterfeit paging messages, raising the possibility of ransomware calls, phishing attempts, or even malicious acts such as entirely blocking a person’s network.

The other two attacks are closely related to Torpedo: Piercer gets encrypted data packets to reveal the unique international mobile subscriber identity (IMSI) on LTE networks, while IMSI-Cracking, which has the same end effect, uses brute-force algorithms to crack the encrypted IMSI data.
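The trigger described for Torpedo, repeated call attempts that are cancelled before they connect, is something an operator can look for in call-setup records. The following is an added detection sketch, not code from the paper or from any operator: the record format, the `CANCELLED` outcome label, the threshold and the window are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (hypothetical format): time, caller, callee, outcome
SAMPLE_LOG = """\
2019-02-25T09:40:00 +15550111 +15550199 CANCELLED
2019-02-25T10:00:00 +15550100 +15550199 CANCELLED
2019-02-25T10:00:08 +15550100 +15550199 CANCELLED
2019-02-25T10:00:15 +15550100 +15550199 CANCELLED
2019-02-25T10:00:16 +15550142 +15550123 ANSWERED
2019-02-25T10:00:23 +15550100 +15550199 CANCELLED
2019-02-25T10:00:31 +15550101 +15550199 CANCELLED
2019-02-25T10:00:40 +15550100 +15550199 CANCELLED
2019-02-25T10:05:00 +15550142 +15550123 CANCELLED
2019-02-25T10:30:00 +15550142 +15550123 CANCELLED
"""

def parse(log):
    """Yield (timestamp, caller, callee, outcome) tuples from the text log."""
    for line in log.strip().splitlines():
        ts, caller, callee, outcome = line.split()
        yield datetime.fromisoformat(ts), caller, callee, outcome

def find_cancel_bursts(records, threshold=5, window=timedelta(seconds=60)):
    """Flag callees that receive >= threshold cancelled call attempts within
    one sliding window. Keyed by callee, not caller, so a burst spread over
    several calling numbers is still counted as one burst.
    Returns {callee: (peak_count, sorted_callers)}."""
    recent = defaultdict(deque)          # callee -> (ts, caller) inside window
    flagged = {}
    for ts, caller, callee, outcome in sorted(records):
        if outcome != "CANCELLED":       # answered calls alert the user anyway
            continue
        q = recent[callee]
        q.append((ts, caller))
        while ts - q[0][0] > window:     # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            peak, callers = flagged.get(callee, (0, set()))
            flagged[callee] = (max(peak, len(q)), callers | {c for _, c in q})
    return {k: (peak, sorted(c)) for k, (peak, c) in flagged.items()}

if __name__ == "__main__":
    for callee, (peak, callers) in find_cancel_bursts(parse(SAMPLE_LOG)).items():
        print(f"{callee}: {peak} cancelled attempts in 60s from {callers}")
```

Isolated cancelled calls, such as the two to `+15550123` here, stay below the threshold; tuning the threshold and window against normal misdial traffic is left to the operator.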

Paging hack scheme

This essentially destroys the claim that 5G networks are more secure, particularly in light of state-sponsored telephonic surveillance in many countries. While 5G networks were claimed to be immune to the cell site simulators (known as stingrays) that law enforcement agencies use for data surveillance, the new flaws render that safety claim ineffective. Depending on the kind of devices being used for the hack, attackers can log live user location and track every movement of victims, log phone usage of other users in the vicinity, and even intercept phone calls and text messages.

The flaws have since been reported to the GSMA, the global mobile operator representative body. GSMA is said to have acknowledged the flaws, but there are no timelines so far on how long it might take for them to be patched or for a solution to be designed. The Torpedo and IMSI-Cracking vulnerabilities can only be patched from GSMA’s end, while Piercer can be patched from the operators’ end. Given the serious nature of the vulnerability, the researchers have not released the proof-of-concept code of the flaw until solutions are discovered.

For an in-depth look at all the vulnerabilities, check out the paper here.