4G and 5G faults can spy on calls and locate the device

According to researchers, newly discovered security vulnerabilities in 4G and emerging 5G cellular networks can be used to intercept phone calls and track the location of mobile devices.

The trio of attacks, discovered by a group of academics, is considered the first discovery of vulnerabilities affecting both the most used wireless cell technology and the one described as its super fast and more secure successor, according to TechCrunch, who detailed the flaws before their revelation on Tuesday.

5G is supposed to bring supercharged speeds to mobile devices and low latency, paving the way for technological innovations such as autonomous cars and virtual reality. The new technology should also offer a new level of security as government agencies use International mobile subscriber identity or IMSI sensors to borrow the identity of cell towers and spy on phones with older connections.

The researchers' three-part attack is described in an article that will be presented at the Symposium on Network and Distributed Systems Security in San Diego.

The first attack, dubbed Torpedo, exploits a weak paging protocol used by the standards to notify phones of an incoming call or text message before it arrives, the researchers said. Multiple short-term calls could allow a nearby attacker to locate the device, send fake text messages, and conduct a denial of service attack.

The article, written by researchers at Purdue University and the University of Iowa, states that Torpedo entrusts the sage with two additional feats. GSM subscriber device – with a brute force attack called IMSI-Cracking. A third attack, called Piercer, associates the ISMI with the victim's phone number, allowing tracking of users' location, they said.

The exploits are legitimate, say the researchers.

"All of our attacks have been validated and evaluated in the wild with the help of computer hardware and basic software," researchers said in their article.

This means that even the latest cellular protocol is vulnerable to Stingrays – surveillance tools used by the FBI and police across the United States to surreptitiously track the location of mobile phones and other mobile devices.

The torpedo attack can be carried out with radio equipment costing as little as $ 200 and affects the four major wireless carriers in the United States, TechCrunch researchers said.

Representatives from Verizon, AT & T, T-Mobile and Sprint did not immediately respond to requests for comment.