Researchers from Purdue University and the University of Iowa have discovered three new security flaws that affect 4G and 5G. The vulnerabilities can lead to phone call interceptions and location tracking, posing a serious possible security issue.
According to the researchers, the flaws appear in both 4G and 5G, even though the latter was supposed to provide better security. Therefore, newer protections do not work as well as previously believed. The paper explains how the flaws can be abused to recover the device's International Mobile Subscriber Identity—both 4G and 5G are susceptible to Torpedo and IMSI-Cracking attack, while 4G can be affected by Piercer.
“Any person with a little knowledge of cellular paging protocols can carry out this attack,” the paper’s co-author Syed Rafiul Hussain told TechCrunch.
Due to the severity of the hack, the researchers will not release the proof-of-concept code. However, TechCrunch reports, the GSMA has been informed regarding the flaws and has since then recognised them; it is yet to fix them.
The findings have been published in a paper and will be presented on at the Network and Distributed System Security Symposium in San Diego tomorrow.